Governance is at the centre of effective technology risk management. Those charged with governance should work with the management team to develop and oversee the firm’s technology strategy and risk management program.
Diagram
Risk Assessment within The Risk Management Process |
Risk Management Hierarchy |
Process of Manging Risk (Technology)
1 Identify critical technology and vendors
2 Identify risk events
3 Assess the risk of the event
3.1 Likelihood
3.2 Impact
4 Design and implement controls to manage risk events
4.1 Risk Management Matrix
5 Review and update the risk register
Principles of Technology Risk
Risk Assessment
Risk Assessment Process |
References
- NIST’s Guide for Conducting Risk Assessments - Publication 800-30
-
- • Special Publication 800-39, Managing Information Security Risk: Organization, Mission, and Information System View;11
- • Special Publication 800-37, Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach;
- • Special Publication 800-53, Recommended Security Controls for Federal Information Systems and Organizations; and
- • Special Publication 800-53A, Guide for Assessing the Security Controls in Federal Information Systems and Organizations: Building Effective Security Assessment Plans.
- NIST Cybersecurity Framework,
- Fundamentals of Technology Risk Management (pdf)
via Blogger http://blog.51sec.org/2023/01/risk-management.html
January 24, 2023 at 09:00PM Architecture