Posted on 10.3.2015 by ms
CYBERPOL has published the first international CYBERBOK (.pdf) body of knowledge on cyber crime risk management in relation to ISO 31000.
ISO 31000 (.pdf) is an international standard developed to help organizations of all sizes manage any type of risk, whether it has negative or positive consequences. It is a useful document for any organization that wants to develop their own approach to risk. Also, ISO 31000 can be applied to any strategies, decisions ,operations, processes, functions, projects, products, services or assets.
SVAT fits in with CYBERBOK methodology by using the ISO 31000 standard and complies with the risk management principles for an effective risk free environment. Moreover, with our product we help customers cover the most important risk management principles. Let us explain how SVAT relates to ISO 31000 (see full definition here):
e) Risk management is systematic, structured and timely
SVAT offers a systematic, structured and timely approach to risk management. Time analysis helps analysts to get in short time overview of the whole situation. Many connectors, that are included in SVAT, allow our users to see the threats in their systems at the right time and take action accordingly. Thus, reducing risk before it happens.
f) Risk management is based on the best available information
SVAT detects inconsistencies in data that might indicate a threat. Then it provides the user with valuable information that helps him take action and prevents any damage to his organization.
g) Risk management is tailored
Users are able to customize SVAT to fit their needs. You can create your own connector or change screen layout, fonts, colors, etc. SVAT provides users with simple and organized information on internal and external operating environments, which helps users easily detect threats.
k) Risk management facilitates continual improvement of the organization
Implementing SVAT will reduce risk, allowing your company’s objectives to continue uninterrupted by the noise of cyber threats. You can dynamically add new datasources to refine your analysis and your charts. SVAT can fetch the data in real time, so you will have always fresh informations.
Figure 1 illustrates the relationships between the risk management principles, framework and process:
Figure 1.
Whenever you want to reach a certain goal, there are always things that do not go according to plan. So with every step you take towards an achievement, you will be confronted with uncertainty. The implementation of SVAT and ISO 31000 will reduce uncertainty and make your company work at its best. SVAT will provide valuable information that will allow you to make the best decisions in managing your risk.
Sources and further reading: