An Iberian company specializing in Emergency Services faced challenges in identifying information assets susceptible to a cyber attack and determining the owners of those risks. Additionally, the organization struggled with analyzing and evaluating information security risks.
Following the application of the Magerit methodology with GRC activities based on this method, the outcomes were rather advantageous. Risk visibility was achieved, enabling the definition of a cybersecurity posture and strategy. The identification and scale of potential risks were enhanced, and proposals for improvement actions, safeguards, and risk charts were developed. Ultimately, the organization now possesses the skills and capabilities to prevent and reduce costly security incidents and avoid compliance issues.