Operations Security, Risk Appetite: Quantity & nature of risk that…
Operations Security
RM Framework
2. Framework Design
Begin designing the RM process: the org understands its current levels of risk, determines what needs to be done to bring them down to an acceptable level, and aligns with its risk appetite
Risk Tolerance (RT) defines the range of acceptable risk for each initiative, plan, or activity. E.g. an "absolutely none" RT -> admin has zero tolerance for risk exposure on the system and requires the highest level of protection
A realistic RT usually falls between "sporadic hardware / software issues" & "total destruction"
Risk Management
Process of identifying risk, assessing its relative magnitude, and taking steps to reduce it to an acceptable level
Risk Appetite: Quantity & nature of risk that orgs are willing to accept as they evaluate trade-offs between perfect security & unlimited accessibility
Risk Tolerance / Risk Threshold: The assessment of the amount of risk an org is willing to accept for a particular information asset.
Residual Risk: The risk to information assets that remains even after current controls have been applied.