Risk Statement

Risk

Supplier Risk
recommendation

Plan

auditor observation
Plan Description

Management review

Data Privacy

Depending on whether or not the organisation interacts with personal information, and on its sensitivity, the organisation has an obligation to reasonably protect this information.

Human Factor

Human threats are major contributing factors in malware and targeted attacks, leading to dramatic consequences for organisations.

Suppliers/Partners

Depending on the type of data that is accessible by them or the kind of service they offer, suppliers can pose a significant risk to the organisation.

Privacy Program

Initial

Unassigned

Human Resource

Initial

Unassigned

IS Awareness Training

Initial

Unassigned

Supplier Security Program

Initial

Unassigned

Targeted Attacks

Targeted attacks usually focus on specific industries and pursue long-term goals, with motivations including political gain, monetary profit, or business data theft.

Cyber Threat Intelligence

Initial

Unassigned

Cryptographic Controls

Initial

Unassigned

Data Security

Initial

Unassigned

BYOD & Mobile Protection

Initial

Unassigned

Remote Connections

Initial

Unassigned

Service Disruption

A severe threat to any business: losing productivity or service offerings as a result of being attacked by cybercriminals.

Compliance

Organisations behave differently towards data and information processing facilities, which could pose several compliance burdens to the business.

Business Continuity

Initial

Unassigned

Incident Response

Initial

Unassigned

Physical Security Perimeter

Initial

Unassigned

Organisation of Information Security

Initial

Unassigned

Risk Management

Initial

Unassigned

Information Security Policy

Initial

Unassigned

Change Management

Initial

Unassigned

Secure Areas

Initial

Unassigned

Secure Backup

Initial

Unassigned

Sub-Policies & Procedures

Initial

Unassigned

Information Security Audit

Initial

Unassigned

Compliance Management

Initial

Unassigned

Opportunistic Attacks

A severe threat to any business: attacks by cybercriminals for social, personal or politically motivated reasons.

CIS BASIC CONTROLS

CIS FOUNDATIONAL CONTROLS

CIS ORGANISATIONAL CONTROLS

Asset Management

Initial

Unassigned

Protection of Software Assets

Initial

Unassigned

Vulnerability & Patch Management

Initial

Unassigned

Privileged Accounts

Initial

Unassigned

Security Logs

Initial

Unassigned

Email Security

Initial

Unassigned

Anti-Malware

Initial

Unassigned

Network Security Segmentation

Initial

Unassigned

Awareness Training

Initial

Unassigned

Security in Software Lifecycle

Initial

Unassigned

Incident Response

Initial

Unassigned

Secure Backup

Initial

Unassigned

Network Devices

Initial

Unassigned

Data Loss Prevention

Initial

Unassigned

Security Testing Program

Initial

Unassigned

Access Control

Initial

Unassigned

Wireless Security

Initial

Unassigned

User Access Review

Initial

Unassigned
