1. Overview
Risk Assessments

| Summary | Standard |
|---|---|
| Risk Assessment | Identify all sources of ICT risk on a continuous basis, including risk exposure to and from other entities. Gather information, assess, and review at least on a yearly basis the cyber threats and ICT vulnerabilities relevant to business functions and assets. Evaluate the (potential) impact of these threats and vulnerabilities on the assets. |
| Major change risk assessment | Perform a risk assessment upon each major change in the network, IT infrastructure, and the processes or procedures affecting business functions and assets. |
| Legacy Systems risk assessment | Conduct specific risk assessments on all legacy ICT systems, applications, or systems at least yearly. Perform assessments before and after connecting legacy ICT systems, applications, or systems. |

1.1 References
1.2 Identified Requirements
1.2 Related Regulation
2. Identified Requirements
Requirements

| Source | Requirement |
|---|---|

3. Related Regulations
Regulations

| Source | Regulation |
|---|---|