Hello,
I have experience performing risk assessments using different methodologies such as CRAMM, ISO 27001, EBIOS, and others. My approach is to build a profile of the company based on the questions and information gathered, modeling a value stream and identifying the products and services delivered by the company. At this point the client can define the scope of the analysis. The next step is to analyze the business impact to set the security posture in terms of confidentiality, integrity and availability.
We can then identify the technology used and set the dependencies. After defining the technology, we can analyze the vulnerabilities of the technology used. The resulting risk is the crossing of the security posture and the vulnerabilities of the technology that supports them.
With the risks defined we can recommend the countermeasures.
All the information described above is included in the report.
For a successful assessment, information about the company is necessary, along with one contact person in charge of finding the responses to the questions within the company.
I am always available for an interview. I will be able to start your project as soon as possible, at your convenience.
Thank you for your consideration.
Best Regards,
Jesús A. Suárez