The Work shall be structured in six phases:
- Scoping – Define and agree the scope of the environment to be assessed.
- Business impact assessment – Assess potential business impact should the information assets be compromised.
- Threat profiling – Profile and prioritize all threats that are relevant to the environment being assessed. Identify the potential ways the highest priority threats could manifest to cause harm to the environment being assessed.
- Vulnerability assessment – Assess the vulnerabilities associated with each in-scope threat event for the environment being assessed. Assess the degree of vulnerability of each component in the environment being assessed to the in-scope threat events.
- Risk evaluation – Derive the risk rating for each risk using established scales for business impact, threats, and vulnerabilities.
- Risk treatment – Determine a risk treatment approach for each identified risk.
The client current risk assessment methodology is based on Information Security Forum’s “Information Risk Assessment Methodology 2”.
The Contractor’s personnel shall be able to handle a wide range of different types of risk assessments including:
- Cloud solutions
- Business support systems
- Industrial control systems
- Office locations
- Off- and onshore plants
In addition, the Contractor will be expected to participate in further maturing and professionalizing established risk assessment services. This includes improvement of individual risk assessments phases as well as tweaking and bettering our underlying risk management methodology
- Bachelor/Master degree or equivalent 3-7 years within risk assessments
Duration Asap - 2 years (estimated)
Location Stavanger or Bergen
Visit Inside Omega to browse the unique advantages available to our team. InsideOmega.com
Stavanger / Bergen
Et norsk oljeselskap / a Norwegian oil company
08 mar 2019
22.03.2019 10.00 CET