SGE; provides information security risk analysis services for military and public institutions and private sector organizations. Risk analysis projects can be done on software and system basis. Corporate risk analysis service is provided within the scope of ISO 27001 certification.
In this context, business processes of the organization are analyzed and critical business processes are defined; assets and dependencies between assets in these operations are identified and asset valuation is carried out. Then, the risk values for the asset or process are calculated by determining the probability and impact values for the risks that affect these assets. Risks are documented in detail in accordance with the content of the project. In accordance with the threats, the measures are identified according to the requirements defined in ISO 27001 and NIST SP 800-53 standards, Measure maturity levels are determined with customer and these are documented in accordance with the content of the project. The risk analysis is performed after the implementation of the measures. Finally, the risk study is carried out and the remaining risk is evaluated after the implementation of the measures.