IVI Framework Viewer

Process

Addresses the day-to-day activities of identifying and protecting the organization from IT-related risks.

Capability Building Blocks

C1 Assessment
Identify subject matter experts for risk assessments. Run risk assessments to identify, document, and quantify or score risks and their components. Assessments include the evaluation of exposure to risks and measurement of their potential impact.
C2 Prioritization
Prioritize inherent and residual risks and risk handling strategies, based on the organization's risk tolerance – that is, what risk levels are acceptable.
C3 Handling
Assign ownership to identified risks, and responsibility and accountability for developing risk handling strategies. Initiate implementation of risk handling strategies, where risks can be transferred, absorbed, or mitigated. Interact with incident management functions – see chapter 27, Service Provisioning (SRP).
C4 Monitoring
Establish a risk register. Track and report risks and risk incidents, and validate the effectiveness of risk controls.