Key Area 1: Risk Assessment (RA)
Growing dependency on information technology has increased the risks and costs associated with security breaches and lost data.
Organizations should consider aligning business processes to an enterprise risk strategy, which includes:
- Documenting organization-specific risk areas
- Categorizing assets based on risk profile
- Conducting consistent risk assessments based on a relevant security framework
- Documenting security controls that protect assets
- Routinely evaluating technical controls with technical tools
- Communicating budget requirements using risk exposure and impact analysis