Risk monitoring and Reporting
Risk Monitoring
we need it to maintain management of risks
Definition
informing stakeholders about changes in the risk to their system
Scope
broad based
Internal and external factors
Not just technical
Can be managerial
Monitor
technical level
intrusion detection and prevention systems
firewall and network-appliance logs
content filtering systems
monitoring of threats/attacks
At an organisational level
key risk indicators
Risk metrics
Indicators
Key risk indicators
linked to specific risks that have high business impact
Ability to measure variances in risk
Cybersecurity indicators
Incident response indicator
number of incidents reported on time / total number of reported incidents x 100
% of protected sensitive personally identifiable information
number of sensitive information / total number of personally identifiable information x 100
reporting
risk reports
contains info about vulnerabilities
therefore is sensitive
scope should be controlled to those who need it
content should be useful and timely
risk data validation criteria
Missing items
Duplicates
Ranges
Reliability
Control Totals
Reasonableness
Validity