Risk Assessments

This is also true for other strategic-level corporate decisions such as:

• Entering a new market
• Corporate takeovers
• Partnerships, strategic alliances, commercial or franchising agreements etc.
• Agreements with suppliers, key accounts etc.
• Outsourcing
• Development of the company’s facilities, information and communication systems along with other infrastructure

The risk assessments, performed by CERTA’s researchers, analysts and security advisers, include the following components:

• A threat assessment that contains a description and assessment of the company’s profile, assets and situation (i.e. what is at stake); the general threat environment (the relevant context); the opponents’ motivation, will, capacity and goals (the extent and character of the threats to the company); the modus and scenarios (the concretisation of the threat spectrum); a general assessment and eventually an assessment of the threat level.
• An impact assessment that focuses on both the immediate and longer-term, overarching effects, in the event that the described threats materialise.
• A vulnerability assessment that reviews the established security measures and on that basis assesses the company’s vulnerability in relation to the previously assessed threat environment.
• A risk assessment that summarises the different elements by combining threat, vulnerability, probability and impact analyses.
• Recommendations listing how the company best mitigates its risks to what it considers an acceptable level and eventually estimates the costs linked to the various aspects of risk mitigation.