What is your risk management framework? What’s your process for managing risks?

12.9k views · 3 Upvotes · 4 Comments
Senior Security and Compliance Auditor in Software, 6 years ago

I created a hybrid of a few frameworks that works for me and has passed ISO27001, PCI-DSS and STAR. It scores 80+ threats (natural, human, software, physical…) from 1 - 1,000 with anything above 400 requiring treatment. Lower scores may still require treatment for a specific category (e.g. Impact) that was "scored in the red" even though the overall score is below 400. I then score each of those threats against the Critical Functions of the BIA so I can further pinpoint the scope of the threat. I perform this annually and share with the Steering Committee. This has resulted in both minor (badge to print to control personal use) and major changes (moved from DC to AWS for DR risk). After sharing with the Committee I create Jira tickets to track and then apply remediation timelines based on risk (High 30 days…). Once resolved I share with the Committee and everything is documented in the quarterly Committee meeting notes.
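As an added illustration (not the poster's own tooling), here is the triage logic that reply describes, in Python: threats scored 1 to 1,000, treated when the overall score is above 400 or when a single category is in the red, then mapped to the BIA critical functions they can disrupt and given a remediation SLA. The category weights, the red line of 800, the priority bands and the Medium/Low SLAs are assumptions; only the 400 threshold and the 30-day High SLA come from the post.

```python
from dataclasses import dataclass, field
OVERALL_THRESHOLD = 400   # from the post: anything above 400 requires treatment
RED_THRESHOLD = 800       # assumed: a single category at or above this is "in the red"
WEIGHTS = {"likelihood": 0.4, "impact": 0.4, "exposure": 0.2}  # assumed category weighting
SLA_DAYS = {"High": 30, "Medium": 90, "Low": 180}  # High = 30 days from the post; others assumed

@dataclass
class Threat:
    name: str
    scores: dict     # per-category scores, each 1-1000 (categories as in WEIGHTS)
    functions: list = field(default_factory=list)  # BIA critical functions it can disrupt

def overall_score(t: Threat) -> int:
    # Weighted average of the category scores, kept on the 1-1000 scale.
    return round(sum(WEIGHTS[c] * t.scores[c] for c in WEIGHTS))

def red_categories(t: Threat) -> list:
    return [c for c in WEIGHTS if t.scores[c] >= RED_THRESHOLD]

def needs_treatment(t: Threat) -> bool:
    # Overall above threshold OR any category red: a threat below 400 overall can still need treatment.
    return overall_score(t) > OVERALL_THRESHOLD or bool(red_categories(t))

def priority(t: Threat) -> str:
    s = overall_score(t)
    if s > 700 or red_categories(t):   # assumed bands; a red category always escalates
        return "High"
    return "Medium" if s > OVERALL_THRESHOLD else "Low"

def triage(threats: list) -> list:
    # One row per threat needing treatment: what to ticket and the remediation SLA.
    rows = []
    for t in threats:
        if needs_treatment(t):
            p = priority(t)
            rows.append({"threat": t.name, "score": overall_score(t), "red": red_categories(t),
                         "priority": p, "due_days": SLA_DAYS[p], "functions": t.functions})
    return rows

def functions_at_risk(threats: list) -> dict:
    # BIA critical function -> treated threats that can disrupt it (the second scoring pass).
    out = {}
    for row in triage(threats):
        for f in row["functions"]:
            out.setdefault(f, []).append(row["threat"])
    return out

REGISTER = [  # constructed sample register; values are illustrative, not from the post
    Threat("Ransomware", {"likelihood": 700, "impact": 900, "exposure": 600}, ["Orders", "Payroll"]),
    Threat("Datacenter flood", {"likelihood": 50, "impact": 850, "exposure": 100}, ["Orders"]),
    Threat("Printer misuse", {"likelihood": 500, "impact": 200, "exposure": 600}),
]
```

The flood entry is the case the reply singles out: its overall score of 380 is under the threshold, yet the red Impact category still pushes it into treatment, while the printer entry sits exactly at 400 and is not treated.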

VP of Global IT and Cybersecurity in Manufacturing, 6 years ago

NIST CSF/800, aligns nicely with ISO 27k.

Director Certifications in Education, 6 years ago

Implementing a risk management framework is not an easy task; it is very comprehensive and involves all departments of the organization. Whatever RMF you decide to use (NIST, ITIL, COBIT, etc.) will have to be tailored to your organization to align with your business processes and objectives, i.e., use the components of the framework that fit your business needs; otherwise, your cost will be very high and success may not be realized.

Director Certifications in Education, 6 years ago

NIST RMF
