Welcome to SGCyberSecurity forum!

Feel free to discuss any topics relating to cybersecurity with the rest of the security community in this forum.

Risk mgmt policy

54 years 9 months ago #744 by o_icemanssl22

What IT framework is your company adopting?

You can check the ISACA site for reference:

www.isaca.org/Knowledge-Center/Research/...sk-IT-Framework.aspx


54 years 9 months ago #747 by o_boiboi77

Hi. We are based on COBIT, but some areas are not applicable to us. But how is the framework going to help in my risk mgmt policy?


54 years 9 months ago #748 by o_icemanssl22

The type of IT framework to adopt is decided by your CTO or management. They should have their reasons for adopting it during their evaluation process. You might want to check with them.

If you think COBIT 5 v2 doesn't cover your needs or isn't in-depth enough, you can take a look at others and recommend them to management:

Examples:

CISSP, ITIL, OCTAVE, RMF, TARA, FAIR etc.

Without diagnosing or understanding your company's areas of risk or weakness, any risk policies created will have gaps.

 


54 years 9 months ago #753 by o_boiboi77

Cool, will check with my mgmt. I also understand there's a need to create a risk assessment template within the policy to identify all the potential risks, residual risks, etc. Is this necessary to create at this juncture?


54 years 9 months ago #756 by o_icemanssl22

Not at the moment. You need them for your risk assessment report.


54 years 9 months ago #816 by o_paulsng33

RA is important, I was faulted by mgmt for failing to do a proper one. =(
