Now, before we have acknowledged which services are important, we have to carry out a risk and vulnerability assessment.
What will we do?
For every security aspect, we will show which threats exist and which requirements should be set for the level of security. Of course, there are general threats such as a power outage, an error in the backup, ransomware, et cetera. You can also extend the analysis by identifying other threats in your organization.
The likelihood of each threat occurring should also be evaluated, as well as its impact on your organization.
You have put measures in place to minimize all of the risks. You will most likely have a security installation to reduce the threat of thieves stealing your equipment. Maybe you have already signed a data processing agreement with your cloud provider to be sure that your files are handled correctly. All of your virus scanners are up to date and you have already made a backup. In short: you have taken care of many aspects to protect your organization.
By combining all of these factors, we can evaluate the risk your company runs with a service. You can then objectively assess whether you are running too much risk. Keep in mind that it is not possible to counter all of the risks, and trying to do so may result in high costs.