Addressing the Highest Risks
Aug 22, 2022

As we conclude the risk assessment and governance process, the last part deals with the organization's highest risks: not the highest-scoring vulnerabilities, but the highest risks to the organization. This work could take the form of desktop exercises or brainstorming sessions. NIST covers this effort in the subcategory ID.RA-6, "Risk responses are identified and prioritized."

The process NIST lays out is:
- Implement a process to ensure the security program's plan of action and milestones (POA&M) are developed and maintained and that remediation plans are appropriate for the type of risk.
- Review the POA&M for consistency with the organization’s risk management strategy.
Make sure each action in this process has an owner assigned, and each action is viewed from an organizational perspective. When running scenario-based testing, make sure that representatives from each affected business area are involved in the exercise to ensure a common understanding.
Author: Dr. Bill Souza | Aug 22, 2022