Security Risk Control

Assesses and prioritizes risks so that appropriate handling and monitoring activities can be put in place.

C1Security Threat Profiling: Gather intelligence on IT security threats and vulnerabilities to better understand the IT security threat landscape within which the organization operates – including, for example, the actors, scenarios, and campaigns that might pose a threat.
C2Security Risk Assessment: Identify exposures to security-related risks, and quantify their likelihood and potential impact.
C3Security Risk Prioritization: Prioritize information security risks and risk handling strategies based on residual risks and the organization’s risk appetite.
C4Security Risk Handling: Implement strategies for handling information security risk, including risk acceptance, transfer, absorption, and mitigation, as appropriate. Promote interaction with incident management functions.
C5Security Risk Monitoring: Manage the on-going efficacy of information security risk handling strategies and control options.