RISK MANAGEMENT, GOVERNANCE AND REGULATION - Coggle Diagram
PART A: RISK MANAGEMENT
5.1 INTRODUCTION TO RISK AND RISK MANAGEMENT
THE RISK MANAGEMENT VALUE CHAIN
THE RISK MANAGEMENT FRAMEWORK AND PROCESS
RISK MANAGEMENT OBJECTIVES
RISK AND ORGANISATIONAL STRATEGY
RISK GOVERNANCE
RISK MANAGEMENT RESPONSIBILITIES
Risk Owners
Risk Management Function
BEST PRACTICE RISK MANAGEMENT
5.2 RISK MANAGEMENT STANDARDS
ISO 31000
ISO 27001
ISO 27005
5.3 RISK MANAGEMENT PROCESS
RISK PROFILES
Information Assets
Analysis for Determining a Risk Profile
Assigning Risk Levels and Compliance Obligations
RISK IDENTIFICATION
Identify Risk
Identify Causes, Impacts and Controls
RISK ANALYSIS
Risk Calculation — Likelihood
Risk Calculation — Impact
Risk Calculation — Risk Rating
RISK EVALUATION AND RISK TREATMENT
Reducing Risk
Controls to Treat Risk
Key Controls
Control Effectiveness Ratings
Business Continuity Plans and Disaster Recovery Plans
RISK MONITORING AND ACTION
ISO 31000 Monitoring and Review Processes
Control validation
Audit
Key Risk Indicators
Monitoring of Risk Using Risk Triggers
Types of Risk Triggers
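The Risk Analysis steps above (likelihood, impact, risk rating), the Control Effectiveness Ratings under Risk Treatment, and the Key Risk Indicator / risk trigger items under Risk Monitoring are the parts of this outline that reduce to a repeatable calculation. The block below is an added illustration of how a risk register typically implements them; it is not code from the course material or from ISO 31000/27005. The 5x5 ordinal scales, the rating bands, the number of likelihood steps each effectiveness rating removes, the risk appetite threshold and the sample register and KRI histories are all assumptions chosen for the example.

```python
"""Semi-quantitative risk rating with control effectiveness and KRI triggers.

Added example. Scales, bands, effectiveness adjustments, appetite and all sample
data are ASSUMED for illustration; they are not taken from any standard.
"""
from dataclasses import dataclass, field

# Assumed ordinal scales (1 = lowest, 5 = highest).
LIKELIHOOD = {"rare": 1, "unlikely": 2, "possible": 3, "likely": 4, "almost_certain": 5}
IMPACT = {"insignificant": 1, "minor": 2, "moderate": 3, "major": 4, "severe": 5}

# Assumed rating bands on the likelihood x impact product (1..25), lowest first.
BANDS = [(4, "Low"), (9, "Medium"), (15, "High"), (25, "Extreme")]

# Assumed control effectiveness ratings: likelihood steps a control removes.
EFFECTIVENESS = {"ineffective": 0, "partially_effective": 1, "effective": 2}


def risk_rating(likelihood: int, impact: int) -> tuple[int, str]:
    """Return (score, band) for a likelihood/impact pair on the 5x5 matrix."""
    if not (1 <= likelihood <= 5 and 1 <= impact <= 5):
        raise ValueError("likelihood and impact must be on the 1..5 scale")
    score = likelihood * impact
    band = next(label for upper, label in BANDS if score <= upper)
    return score, band


def residual_rating(likelihood: int, impact: int, effectiveness: str) -> tuple[int, str]:
    """Apply a control's effectiveness to likelihood (never below 1) and re-rate."""
    reduced = max(1, likelihood - EFFECTIVENESS[effectiveness])
    return risk_rating(reduced, impact)


# Constructed sample register: (risk, likelihood, impact, key control effectiveness).
SAMPLE_REGISTER = [
    ("Ransomware on file servers", "likely", "severe", "partially_effective"),
    ("Laptop theft with encrypted disk", "possible", "minor", "effective"),
    ("Unpatched internet-facing VPN", "almost_certain", "major", "ineffective"),
]


def rate_register(register, appetite: str = "Medium") -> list[dict]:
    """Inherent and residual ratings per risk; 'treat' is True when the residual
    band is still above the assumed risk appetite."""
    order = [label for _, label in BANDS]
    rows = []
    for name, lik, imp, eff in register:
        lik_n, imp_n = LIKELIHOOD[lik], IMPACT[imp]
        inherent = risk_rating(lik_n, imp_n)
        residual = residual_rating(lik_n, imp_n, eff)
        rows.append({"risk": name, "inherent": inherent, "residual": residual,
                     "treat": order.index(residual[1]) > order.index(appetite)})
    return rows


@dataclass
class KRI:
    """A key risk indicator with a threshold and its recent readings (oldest first)."""
    name: str
    threshold: float
    higher_is_worse: bool = True
    history: list[float] = field(default_factory=list)


def threshold_trigger(kri: KRI) -> bool:
    """Threshold trigger: the latest reading is past the tolerance line."""
    latest = kri.history[-1]
    return latest > kri.threshold if kri.higher_is_worse else latest < kri.threshold


def trend_trigger(kri: KRI, periods: int = 3) -> bool:
    """Trend trigger: the KRI moved in the adverse direction for `periods`
    consecutive periods, even if it has not yet crossed the threshold."""
    if len(kri.history) < periods + 1:
        return False
    window = kri.history[-(periods + 1):]
    worse = (lambda a, b: b > a) if kri.higher_is_worse else (lambda a, b: b < a)
    return all(worse(a, b) for a, b in zip(window, window[1:]))


def evaluate_triggers(kris: list[KRI]) -> dict[str, list[str]]:
    """Map each KRI that fired to the list of trigger types that fired it."""
    fired = {}
    for kri in kris:
        reasons = [n for n, f in (("threshold", threshold_trigger), ("trend", trend_trigger)) if f(kri)]
        if reasons:
            fired[kri.name] = reasons
    return fired


# Constructed sample KRI readings (four monthly periods each).
SAMPLE_KRIS = [
    KRI("critical patches older than 30 days", threshold=5, history=[2, 3, 4, 6]),
    KRI("phishing simulation click rate (%)", threshold=10, history=[12, 9, 8, 7]),
    KRI("MFA coverage (%)", threshold=95, higher_is_worse=False, history=[97, 96, 96, 94]),
]

if __name__ == "__main__":
    for row in rate_register(SAMPLE_REGISTER):
        print(f"{row['risk']:<36} inherent={row['inherent']} residual={row['residual']} treat={row['treat']}")
    print(evaluate_triggers(SAMPLE_KRIS))
```

Two design points worth noting. Control effectiveness is applied to likelihood rather than to the combined score, so an "effective" control on a severe-impact risk still leaves a visible residual rating; rating bands are looked up on the matrix rather than hard-coded per cell so the appetite comparison works on band labels. The trend trigger fires on the patch-age KRI even before it would matter on its own, which is the point of monitoring KRIs over time rather than against a single threshold.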
5.4 FUTURE INNOVATION IN RISK MANAGEMENT
PART B: GOVERNANCE
5.5 WHAT IS RISK GOVERNANCE?
GOOD GOVERNANCE
THE ELEMENTS OF GOVERNANCE
Accountability
Authority
Decision Making
CREATING GOOD GOVERNANCE
Risk Management Strategy — Critical Elements
Set a Vision
Provide Tone from the Top
The Earlier, the Better
Build the Right Team
Assemble a Steering Committee
Share Responsibilities
PRINCIPLES OF GOOD GOVERNANCE
8 Principles
GOVERNANCE ROLES AND RESPONSIBILITIES
Senior Management (CEO and Leadership Team)
Board
Chief Information Security Officer
Chief Information Officer
Data Owner
Data Custodian
Systems Owners and IT Security Practitioners
Security Awareness Trainers
Auditors
INCREASED ACCOUNTABILITY — BEAR AND FAR
5.6 POOR/INAPPROPRIATE RISK GOVERNANCE
COMMUNICATION OF RISK
Management of Risk Communication
WHEN GOVERNANCE IS LACKING
5.7 DEVELOPING RISK GOVERNANCE THROUGH CULTURE
POSITIVE GOVERNANCE CULTURE
FIT-FOR-PURPOSE
An Agile Approach
GOVERNING ORGANISATIONAL CULTURE
5.8 WHAT IS THE RIGHT MIX FOR A GOVERNANCE BOARD?
5.9 FUTURE THREATS TO GOVERNANCE
IMPACT OF TECHNOLOGY ON CORPORATE GOVERNANCE
ETHICS AND GOVERNANCE WITH AUTOMATION AND AI
5.10 DATA GOVERNANCE
DATA GOVERNANCE GOALS
Ethics
Privacy
Cyber Security
Data Security
Compliance
DATA GOVERNANCE TOOLS
DATA GOVERNANCE MATURITY MODEL
DATA GOVERNANCE AND AI
PART C: SECURITY AND PRIVACY
5.11 WHAT IS DATA/INFORMATION SECURITY AND CYBERSECURITY?
THE EVOLVING THREAT OF CYBERSECURITY
5.12 INDUSTRY STANDARDS
APRA CPS 234 SECURITY STANDARD
PCI DSS
NIST
THE ISO/IEC 27001 STANDARD
ISMS
ISO/IEC 27001 Structure and Requirements
ISO/IEC 27001 Risk Assessment
5.13 IMPLEMENTING BEST PRACTICE INFORMATION SECURITY
ISMS PROJECT IMPLEMENTATION METHOD
Project Mandate
Asset Identification and Valuation
Risk Assessment – Establishing the Context
Risk Assessment – Risk Identification
Risk Assessment – Risk Analysis
Risk Evaluation (Impact and Likelihood)
Risk Treatment (Mitigation)
ISMS Establishment
ISMS Monitoring and Review
5.14 SELECTING SECURITY CONTROLS
PHYSICAL ASSETS
INFORMATION ASSETS
TYPES OF CONTROLS
CATEGORIES OF SECURITY CONTROLS
MAPPING CONTROLS TO RISK AND BUILDING A STATEMENT OF APPLICABILITY
5.15 IMPLICATIONS OF AN IMMATURE APPROACH TO CYBERSECURITY
A ‘LIGHT TOUCH’ APPROACH
ENGAGING CYBERSECURITY PROFESSIONALS
Advantages
Disadvantages
Outsourcing Options
5.16 CYBER BREACH
PREPAREDNESS FOR A BREACH
5.17 DATA PROTECTION, ETHICS AND PRIVACY
IMPORTANCE OF ETHICAL CONDUCT IN THE DIGITAL ECONOMY
PRINCIPLES OF DATA ETHICS
Informed Consent
Transparency
Ownership and Control
Fairness and Equality
Preserving Privacy
Preserving Privacy
Relationship Between Privacy and Security
The Relevance of Data Privacy
Personal Data and Sensitive Data
Data Privacy Laws and Regulations
GDPR
Australian Notifiable Data Breaches (NDB) Scheme