A detailed, regularly updated risk analysis is one of the key elements of information and cyber security. It tells companies what assets they have, how important they are, and how efficiently they are protected against cyber threats. Nonetheless, some companies still think that a few Excel sheets are enough in terms of risk analysis.
But forms or tables containing large risk analyses can be confusing and are a pain to update – which is why we developed our own tool called SARA (risk analysis as a service). Instead of tables or walls of text, SARA uses models or schemes to represent complex data – because that’s the easiest way for our brain to process information.
SARA combines standard risk analysis methods and enterprise architecture (EA) modelling to provide results that are more detailed, but also clearer and more comprehensible. KPMG SARA models don’t just describe a problem – they also offer a solution. And by adjusting the model, you simultaneously adjust the risk analysis results, too.
Sample from the KPMG SARA tool
Connect the dots immediately
Model threats, weak points, solutions, and context – all represented in neat graphics, in one place. The model will immediately show you the connections between your assets, allowing you to improve your analytical conclusions and protect these assets even better.
Our solution is equipped with catalogues of different types of threats, weak points, and measures, all in accordance with applicable legislation (Act on Cyber Security, the Cybersecurity Decree, NIS 2), standards (ISO/IEC 27000 family, NIST, etc.), field-specific requirements, and your needs.
One basic KPMG SARA model contains:
- Standardized records and summaries of risk analysis, including a list of the assets that you must protect and their respective importance
- An option to assign risks and measures to individual guarantors
- Cyber risks that your assets face
- Threats and weak points affecting individual systems and assets
- Assessment of current measures and their effectiveness
- Tips, information, and advice on how to determine priorities for planned investments and operation of cybersecurity measures
- Efficiency of current cybersecurity measures
- More useful, powerful features