Risk analysis

An information security risk analysis is used to assess the current state of security and identify the risks to which your system is exposed. It forms an important input for making decisions about security investments.

What is an information security risk analysis

The objective of information security risk analysis is to identify and assess risks to the protection of company information, usually in terms of confidentiality, integrity and availability. Depending on the methodology, however, risk analysis typically addresses which threats can exploit which asset vulnerabilities and what overall impact this would have on the organization.

Risk analysis attempts to describe reality, but the description tends to be simplified because reality is highly complex. The more accurate the risk analysis, the more challenging it is to implement and to keep up to date and informative. We identify ways of processing the risk analysis so that its objectives are met, especially in terms of its complexity and accuracy.


  • Prioritising further security investments and projects
  • Determining the optimal balance between investment and the level of security achieved
  • Obtaining information on the level of IS security achieved by an independent party
  • Identifying risks and vulnerabilities that pose an immediate threat to the organisation's key functions and assets
  • Creating the basis for the development of the organisation's ICT security documentation
  • Identifying threats such as data leakage, abuse of privileges, human error, etc., including possible abuse scenarios
  • Significant increase in IS security by implementing the proposed measures
  • Obtaining arguments for management decisions on allocation of investments in IS security

Solution description

The solution can take the form of either a comprehensive delivery or a consultancy. We can also deliver only a selected part. We can help with the choice of methodology, and we have experience with various methodologies, e.g. the methodology according to ZoKB (CZ and SK), ISO 27005, and also other clients' individual methodologies.

Furthermore, we can help in compiling or updating a catalogue of the organization's assets, including the valuation of assets or determining the owner of the assets and their grouping into appropriate groups.

We can also help with
  • preparing lists and assessing asset vulnerabilities,
  • cataloguing and assessing threats,
  • preparing risk analysis tools, and processing the data in these tools,
  • preparing actions in response to identified risks,
  • preparing a plan for the implementation of these measures.

Services offered

We will advise and recommend options for risk analysis and discuss the proposals of both parties; the implementation will then be entirely up to you.

Comprehensive implementation
We will carry out the risk analysis to your requirements with only partial (minimum required) knowledge and work on your part.

Partial implementation
We will carry out a risk analysis according to your requirements, covering only the parts you select.

Updating the analysis
We will update the existing year-to-date analysis.

