IT Risk Management – ISO 27005

In IT risk management, the risks associated with information technology are

  • Identified,
  • Analyzed,
  • Evaluated,
  • Treated,
  • Controlled and
  • Monitored.

This procedure, carried out according to the requirements of ISO/IEC 27005 or the BSI IT-Grundschutz standards, protects companies from potential damage and, even as the IT infrastructure keeps changing, enables the

  • Identification of hazards,
  • Assessment of threats,
  • Implementation of controls, and thus
  • Risk mitigation and threat reduction.
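The process listed above is easier to grasp as data: each risk links a business process to an IT asset, a threat and a vulnerability, gets a likelihood and an impact, is evaluated against an acceptance criterion, is treated with controls, and is re-checked at the next review. The following is an added example (not code from the page, from QSEC or from the ISO standard) that implements that cycle with a qualitative three-level scale. The scales, the acceptance threshold, the control effects and the sample risks are all assumptions constructed for the example; ISO/IEC 27005 leaves these choices to the organisation.

```python
from dataclasses import dataclass, field

# Qualitative three-level scales and an acceptance criterion. These values are assumed for
# the example; ISO/IEC 27005 leaves the scales and acceptance criteria to the organisation.
LEVELS = {"low": 1, "medium": 2, "high": 3}
ACCEPTANCE_THRESHOLD = 3  # scores at or below this are accepted, higher scores must be treated


@dataclass
class Control:
    """A measure applied in risk treatment; it lowers likelihood and/or impact by whole levels."""
    name: str
    likelihood_reduction: int = 0
    impact_reduction: int = 0


@dataclass
class Risk:
    """One risk scenario: a threat exploiting a vulnerability of an asset a business process relies on."""
    asset: str
    business_process: str
    threat: str
    vulnerability: str
    likelihood: str
    impact: str
    controls: list = field(default_factory=list)

    @property
    def key(self) -> str:
        return f"{self.asset}/{self.threat}"


def _clamp(level: int) -> int:
    # A reduction can never push a level below "low" (1) or above "high" (3)
    return max(1, min(3, level))


def inherent_score(risk: Risk) -> int:
    """Risk analysis: likelihood x impact before any treatment."""
    return LEVELS[risk.likelihood] * LEVELS[risk.impact]


def residual_score(risk: Risk) -> int:
    """Risk analysis after treatment: the same product with the planned controls applied."""
    likelihood = LEVELS[risk.likelihood] - sum(c.likelihood_reduction for c in risk.controls)
    impact = LEVELS[risk.impact] - sum(c.impact_reduction for c in risk.controls)
    return _clamp(likelihood) * _clamp(impact)


def evaluate(score: int) -> str:
    """Risk evaluation: compare a score against the acceptance criterion."""
    return "accept" if score <= ACCEPTANCE_THRESHOLD else "treat"


def risk_register(risks) -> list:
    """One row per risk, highest residual score first; the decision is made on the residual score."""
    rows = [
        {
            "key": r.key,
            "process": r.business_process,
            "inherent": inherent_score(r),
            "residual": residual_score(r),
            "decision": evaluate(residual_score(r)),
            "controls": [c.name for c in r.controls],
        }
        for r in risks
    ]
    return sorted(rows, key=lambda row: row["residual"], reverse=True)


def changed_risks(previous: list, current: list) -> list:
    """Monitoring: keys whose residual score or decision moved since the last review,
    plus risks that are new in the current register."""
    before = {row["key"]: (row["residual"], row["decision"]) for row in previous}
    return [
        row["key"]
        for row in current
        if before.get(row["key"]) != (row["residual"], row["decision"])
    ]


def sample_risks() -> list:
    """Constructed sample data for the example, not taken from any real assessment."""
    ransomware = Risk("file server", "order processing", "ransomware", "unpatched OS", "high", "high")
    ransomware.controls += [
        Control("patch management", likelihood_reduction=1),
        Control("offline backups", impact_reduction=2),
    ]
    ddos = Risk("web shop", "online sales", "volumetric DDoS", "no upstream filtering", "medium", "medium")
    printer = Risk("office printer", "internal printing", "unauthorised access", "default credentials", "high", "low")
    return [ransomware, ddos, printer]


if __name__ == "__main__":
    risks = sample_risks()
    first_review = risk_register(risks)
    for row in first_review:
        print(f"{row['key']:<35} inherent={row['inherent']} residual={row['residual']} -> {row['decision']}")
    # Treat the one open risk, then run a second review: monitoring reports what moved.
    risks[1].controls.append(Control("upstream DDoS filtering", likelihood_reduction=1))
    print("changed since last review:", changed_risks(first_review, risk_register(risks)))
```

The point of separating inherent from residual scores is that the acceptance decision is taken on the residual value, while the inherent value tells a reviewer how much the organisation depends on the controls actually working; if a control is later found ineffective, the residual score rises and `changed_risks` flags the entry at the next review, which is the "monitor" step in the list above.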


IT risk management: Schematic of the IT risk assessment (ISO / IEC 27005)

For sustainable, effective and cost-efficient IT risk management, it is recommended to follow established standards such as BSI IT-Grundschutz and an information security risk management process that conforms to the requirements of ISO/IEC 27005.

Because of the complexity of the field and the need to link business processes with the IT assets they depend on, which a sustainable risk assessment requires, it is advisable to rely on tool support.

The IT risk management system QSEC supports the entire IT risk management process (ITRM) and allows it to be implemented with limited resources. It also provides the functions needed for comprehensive operational risk management (OpRisk).


QSEC module IT-Risk Mgmt.
