Based on the results of the audit, the company can draw up a risk matrix of identified vulnerabilities and shortcomings and their impact on the company.
The idea is to try to compare the measures and costs necessary for each risk in terms of availability, integrity and confidentiality.
This approach makes it possible to define priorities for action and corrective measures and informs the company’s strategic decisions.
For example, regarding investments, the protection and tools to be put in place and the projects to be implemented, as well as the general planning of these corrective measures.