Risk Management

Risk Management is a process that, as a first step, increases risk awareness and afterwards manages the risks to which the company’s assets are exposed. This process, within the IT environment, allows for the definition of guidelines aimed at reducing the risks and improving the company’s security posture. The main components of this service are:

  • Risk Assessment: definition of the scope, evaluation of the key parameters (such as assets, vulnerabilities, threats, impacts, and countermeasures), and estimation of the residual risk.
  • Risk Treatment: if the detected risk level exceeds the acceptable threshold, a set of activities is defined, evaluated, and implemented in order to reduce the risk level to the agreed limits.

The results can be expressed either qualitatively or quantitatively.


Tools and methodologies

@Mediaservice.net makes use of risk analysis methodologies internationally recognized.


Optional services

@Mediaservice.net recommends, as an opportunity to optimize and broaden the relevance of the results provided by the described service, the following additional options:

  • IT Risk Management Training - theoretical courses and practical coaching of the personnel in charge of IT Risk Management in order to enable it to autonomously carry out a broad range of activities;
  • Internal methodology definition - creation of an internal methodology in the Client's specific environment, formally establishing criteria, restrictions, roles and responsibilities, execution modes, and guidelines to be followed internally.
  • Quantitative method - a financial evaluation is added to the risk management activities in order to allow for an universal and objective risk assessment, together with a cost-benefit analysis of the countermeasures taken to mitigate it.


Risk Management - 567,94 kB Download the service datasheet.