Cybersecurity risk analysis

Cybersecurity risk analysis is required by law. It is essential for achieving compliance as a key service operator with the requirements of the National Cybersecurity System Act. The legal basis includes the regulation on the types of documentation related to cybersecurity for information systems used to provide key services (Journal of Laws 2018, item 2080) and the regulation on organizational and technical conditions for entities providing cybersecurity services and internal organizational structures of key service operators responsible for cybersecurity (Journal of Laws 2018, item 1780).

The service is targeted at operators of essential services (OES), including entities providing services of critical importance for maintaining essential social or economic activities, such as service providers in the energy, transportation, banking, financial market infrastructure, healthcare, drinking water supply and distribution, and digital infrastructure sectors. According to the National Cybersecurity System Act, OES are required to implement cybersecurity documentation for the information system used to provide essential services, in compliance with the requirements of ISO/IEC 27001 and ISO 22301 standards, as well as to assess cybersecurity risks and implement appropriate safeguards.

Security auditors, IT security experts, managers, and specialists who deal with cybersecurity, risk management, or business continuity should particularly focus on continuously improving their skills in this area.

The service includes checking vulnerabilities and threats in cyberspace, particularly the risk of attacks and damage to IT solutions and infrastructure. The risk analysis is divided into four stages, during which we conduct an audit to verify whether your organization meets the organizational and technical obligations of a critical service operator. We also perform an impact analysis and risk assessment concerning the security of the service. Finally, we prepare and update the documentation required by the National Cybersecurity System (KSC) Act.

The analysis is essential to develop a cybersecurity management process and documentation in accordance with the KSC Act and the Regulation of the Council of Ministers of October 16, 2018. Through the audit and subsequent recommendations, your organization will gain confidence that it meets the obligations of key service operators under the NIS Directive, the KSC Act, and the referenced standards. You will receive practical knowledge and methodology from us on how to manage crisis situations and assess the risk of cybersecurity incidents.

The cost of a cybersecurity risk analysis depends on factors such as the size of the organization, the nature of its operations, the market environment, and the complexity of the processes involved. We provide a customized quote for each service, taking into account the scope and preferred timeline.

A cybersecurity risk analysis usually takes up to a few weeks, but it largely depends on the size of the organization and the specifics of the project. The implementation schedule is tailored to the individual needs and expectations of your organization.