Torus IT Security
Menu

Risk Analysis

ISO 27005 risk analysis, delivered in Excel.

A pragmatic workflow to structure context, assets, scenarios, assessment and treatment. AI accelerates preparation; the team keeps the arbitration.

  • Guided steps. Work moves through successive validations, not opaque generation.
  • Standalone workbook. Excel remains readable, shareable and compatible with MONARC practices.
  • Human validation. Proposals must be reviewed and arbitrated by the team.
sample workbook sample-risk-analysis.xlsx
sample-risk-analysis.xlsx
RisksAssetsTreatment
AssetScenarioTreatmentStatus
DirectoryCredential compromiseReduceValidated
Client portalUnavailabilityReduceTo validate
HR databaseData leakReduceIn progress
Mobile devicesLoss or theftReduceValidated
ISO 27005-readable · MONARC-compatible export.

Method

Guided steps, validated decisions.

The analysis is AI-assisted, but grouping, mapping and treatment decisions must remain reviewed and validated by humans.

01

Context scoping

Prepare the inventory, clarify criteria and identify insufficient data before analysis.

02

Asset modelling

Group assets and build a usable base to avoid arbitrary groupings.

03

Evaluation and treatment

Map risks, impacts, likelihoods and treatment elements with AI assistance.

04

Validation and follow-up

Stabilize the Excel workbook, validate it manually and prepare compatible exports.

Excel first

Excel first, not a black box.

The Excel deliverable lets teams review asset groups, risks, assumptions and treatments before moving toward a MONARC-compatible structure.

Excel first sample-risk-analysis.xlsx

ISO 27005-readable · MONARC-compatible export.

RisksAssetsTreatment
01 Directory

Credential compromise

Validated
02 Client portal

Unavailability

To validate
03 HR database

Data leak

In progress
04 Mobile devices

Loss or theft

Validated
01

Asset grouping to reduce noise without losing business meaning.

02

Risk and scenario mapping with controllable explanations.

03

Workbook validation before treatment or export.

04

MONARC compatibility without letting AI generate the final model on its own.

Positioning

AI-assisted, human validation.

01

Torus accelerates preparation but does not replace the risk owner's judgement.

02

Outputs must remain inspectable, correctable and exportable.

03

Excel supports review and collaboration with teams that do not have access to Torus.

04

MONARC is a compatibility layer, not the sole end goal or a promise of automatic compliance.

Start from a real inventory.

A Risk Analysis demo is more useful with an inventory extract or an expected workbook model.