On the 13th and 14th of February, EGI CSIRT organised a Workshop on Information Security Risk Management, which took place in Amsterdam.

Information security risk management (ITSRM) is a crucial process for identifying, assessing, and mitigating the risks that threaten the confidentiality, integrity, and availability of information assets and systems. It is a continuous process that needs to adapt to the threat landscape and objectives of the organisation, and it requires constant evaluation and improvement. As EGI is part of the consortia in the European Commission’s procurement for further development of EOSC, risk management is the basis for providing secure services that comply with legal and regulatory requirements. Security measures will be implemented based on the identified risks, their likelihood and their impact.

The objective of the meeting was to discuss the implementation of the EC ITSRM2 standard (in combination with ISO27001 and NIST CSF) and to share know-how, experience and challenges with the experts from this domain.