IVI Framework Viewer

Security Risk Control

Assesses and prioritizes risks so that appropriate handling and monitoring activities can be put in place.

Capability Building Blocks

C1 Security Threat Profiling
Gather intelligence on IT security threats and vulnerabilities to better understand the IT security threat landscape within which the organization operates – including, for example, the actors, scenarios, and campaigns that might pose a threat.
C2 Security Risk Assessment
Identify exposures to security-related risks, and quantify their likelihood and potential impact.
C3 Security Risk Prioritization
Prioritize information security risks and risk handling strategies based on residual risks and the organization’s risk appetite.
C4 Security Risk Handling
Implement strategies for handling information security risk, including risk acceptance, transfer, absorption, and mitigation, as appropriate. Promote interaction with incident management functions.
C5 Security Risk Monitoring
Manage the ongoing efficacy of information security risk handling strategies and control options.