Mechanisms exist to identify and document risks, both internal and external.
Mechanisms exist to develop and keep current a catalog of applicable risks associated with the organization's business operations and technologies in use.
Mechanisms exist to conduct recurring assessments of risk that include the likelihood and magnitude of harm from unauthorized access, use, disclosure, disruption, modification or destruction of the organization's systems and data.
Mechanisms exist to maintain a risk register that facilitates monitoring and reporting of risks.
Mechanisms exist to identify and assign a risk ranking to newly discovered security vulnerabilities that is based on industry-recognized practices.
Mechanisms exist to remediate risks to an acceptable level.
Mechanisms exist to respond to findings from cybersecurity & data privacy assessments, incidents and audits to ensure proper remediation has been performed.
Mechanisms exist to identify and implement compensating countermeasures to reduce risk and exposure to threats.
Mechanisms exist to routinely update risk assessments and react accordingly upon identifying new security vulnerabilities, including using outside sources for security vulnerability information.
Mechanisms exist to conduct a Business Impact Analysis (BIA) to identify and assess cybersecurity and data protection risks.