A risk register is only as good as its method
Auditors and regulators do not just want a risk register — they want to see the methodology behind it. An asset-based risk assessment grounds every entry in something real: a system, a dataset, a process that matters to the business. From there, threat, likelihood, and impact are scored consistently, so two assessors would reach comparable conclusions. That repeatability is what makes treatment decisions defensible. We build the assessment and the method together.
This suits ISMS programmes, regulatory submissions, and any board that needs to understand its exposure in plain terms.
What we do
- Inventory. We identify and value the assets that matter — systems, data, and the processes they support.
- Analyse. Each asset is assessed for threats, vulnerabilities, likelihood, and impact on a consistent scale.
- Register. Risks are scored, assigned owners, and ranked so attention goes where exposure is highest.
- Treat. Every risk gets a decision — accept, mitigate, transfer, or avoid — with a rationale that holds up.
Aligned to recognised standards
The methodology follows ISO/IEC 27005 and NIST SP 800-30, so the output slots directly into an ISO 27001 ISMS or a regulatory filing without rework.