Decrease and manage the risks

The risk analysis module of Mehari covers:

• The identification of situations that may hamper the expected results of the organization or any part of it.
• The evaluation of:
  • The probability level of such situations,
  • The possible consequences,
  • Decision criteria to reduce, transfer or retain the risk.
• The bringing upfront of security measures able to reduce the risk to an acceptable level.

This risk analysis, plans in general to:

• Define the measures which will better fit to the context and the stakes: this being a classical process based on a risk analysis driven security policy,
• Organize a risk management process and guarantee that all the critical risk situations have been identified and considered: this being a risk driven policy of security management,
• Analyze and manage the risks for a new project (IT application, business process, site, etc.).

Mehari provides:

• A risk model and associated assessment tools to evaluate:
  • The intrinsic potentiality of predefined risk situations (i.e. while no security measure is in place),
  • The intrinsic level of consequences of the risk situation (i.e. if no measure is in place),
  • Each opportunity to reduce the risk thanks to additional security measures depending on their efficiency.
• Automated reckonings of the seriousness level of the risks,
• A structured process with associated guidelines,
• Knowledge bases of risk situations,
• Rules for the consolidation of the risk analysis resulting in an optimal setting of action plans.