The three domains of the Risk IT framework are listed below with the contained processes (three per domain); each process contains a number of activities:
Risk Governance: Ensure that IT risk management practices are embedded in the enterprise, enabling it to secure optimal risk-adjusted return. It is based on the following processes:[1]
RG1 Establish and Maintain a Common Risk View
RG1.1 Perform enterprise IT risk assessment
RG1.2 Propose IT risk tolerance thresholds
RG1.3 Approve IT risk tolerance
RG1.4 Align IT risk policy
RG1.5 Promote IT risk-aware culture
RG1.6 Encourage effective communication of IT risk
RG2 Integrate With ERM
RG2.1 Establish and maintain accountability for IT risk management
RG2.2 Coordinate IT risk strategy and business risk strategy
RG2.3 Adapt IT risk practices to enterprise risk practices
RG2.4 Provide adequate resources for IT risk management
RG2.5 Provide independent assurance over IT risk management
RG3 Make Risk-aware Business Decisions
RG3.1 Gain management buy-in for the IT risk analysis approach
RG3.2 Approve IT risk analysis
RG3.3 Embed IT risk consideration in strategic business decision making
RG3.4 Accept IT risk
RG3.5 Prioritise IT risk response activities
Risk Evaluation: Ensure that IT-related risks and opportunities are identified, analysed and presented in business terms. It is based on the following processes:
RE1 Collect Data
RE1.1 Establish and maintain a model for data collection
RE1.2 Collect data on the operating environment
RE1.3 Collect data on risk events
RE1.4 Identify risk factors
RE2 Analyse Risk
RE2.1 Define IT risk analysis scope
RE2.2 Estimate IT risk
RE2.3 Identify risk response options
RE2.4 Perform a peer review of IT risk analysis
RE3 Maintain Risk Profile
RE3.1 Map IT resources to business processes
RE3.2 Determine business criticality of IT resources
RE3.3 Understand IT capabilities
RE3.4 Update risk scenario components
RE3.5 Maintain the IT risk register and IT risk map
RE3.6 Develop IT risk indicators
Risk Response: Ensure that IT-related risk issues, opportunities and events are addressed in a cost-effective manner and in line with business priorities. It is based on the following processes:
RR1 Articulate Risk
RR1.1 Communicate IT risk analysis results
RR1.2 Report IT risk management activities and state of compliance
RR1.3 Interpret independent IT assessment findings
RR1.4 Identify IT-related opportunities
RR2 Manage Risk
RR2.1 Inventory controls
RR2.2 Monitor operational alignment with risk tolerance thresholds
RR2.3 Respond to discovered risk exposure and opportunity
RR2.4 Implement controls
RR2.5 Report IT risk action plan progress
RR3 React to Events
RR3.1 Maintain incident response plans
RR3.2 Monitor IT risk
RR3.3 Initiate incident response
RR3.4 Communicate lessons learned from risk events
Each process is detailed by:
Process components
Management practice
Inputs and Outputs
RACI charts
Goal and metrics
For each domain a Maturity Model is depicted.
Risk evaluation
The link between IT risk scenarios and ultimate business impact needs to be established to understand the effect of adverse events. Risk IT does not prescribe a single method. Different methods are available. Among them there are:
COBIT Information criteria
Balanced scorecard
Extended balanced scorecard
Westerman[2]
COSO
Factor Analysis of Information Risk