Sign up to save your podcasts
Or
Share Addressing the Highest Risks Podcast
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Addressing the Highest Risks Podcast
Send us a text
Addressing the Highest Risks
As we conclude the risk assessment and governance process, the last part will deal with the organization's highest risks, not the highest vulnerability, but rather the highest risks. This work could take the form of desktop exercises or brainstorming sessions. NIST cover this effort in the subcategory ID.RA-6 “Risk responses are identified and prioritized.”
The process NIST lays out are:
- Implement a process to ensure the security program's plan of action and milestones (POA&M) are developed and maintained and that remediation plans are appropriate for the type of risk.
- Review the POA&M for consistency with the organization’s risk management strategy.
Make sure each action in this process has an owner assigned, and each action is viewed from an organizational perspective. When running scenario-based testing, make sure that representatives from each affected business area are involved in the exercise to ensure a common understanding.
========
*** FREE GUIDE ***
https://www.execcybered.com/asset-management
Blog: https://www.execcybered.com/blog
Training: https://www.execcybered.com/iso27001foundationcourse
Linkedin: https://www.linkedin.com/company/exceccybered/
Twitter: https://twitter.com/DrBillSouza
Instagram: https://www.instagram.com/drbillsouza/
Youtube: https://bit.ly/3BGOtPA
Thanks.
Dr. Bill Souza
CEO | Founder
www.execcybered.com
View all episodes
By Dr. Bill Souza
5
11 ratings
Send us a text
Addressing the Highest Risks
As we conclude the risk assessment and governance process, the last part will deal with the organization's highest risks, not the highest vulnerability, but rather the highest risks. This work could take the form of desktop exercises or brainstorming sessions. NIST cover this effort in the subcategory ID.RA-6 “Risk responses are identified and prioritized.”
The process NIST lays out are:
- Implement a process to ensure the security program's plan of action and milestones (POA&M) are developed and maintained and that remediation plans are appropriate for the type of risk.
- Review the POA&M for consistency with the organization’s risk management strategy.
Make sure each action in this process has an owner assigned, and each action is viewed from an organizational perspective. When running scenario-based testing, make sure that representatives from each affected business area are involved in the exercise to ensure a common understanding.
========
*** FREE GUIDE ***
https://www.execcybered.com/asset-management
Blog: https://www.execcybered.com/blog
Training: https://www.execcybered.com/iso27001foundationcourse
Linkedin: https://www.linkedin.com/company/exceccybered/
Twitter: https://twitter.com/DrBillSouza
Instagram: https://www.instagram.com/drbillsouza/
Youtube: https://bit.ly/3BGOtPA
Thanks.
Dr. Bill Souza
CEO | Founder
www.execcybered.com