Risk Analysis and Asset Prioritization
I'm Vera. I'm an IT auditor. I'm new to incident management, since before this I only looked at whether the problems or incidents that came in were fixed, and at the root cause.
I wanna develop my audit program and also give deeper analysis about incident management.
I found the security incident management audit/assurance program here.
I'm a little bit confused about risk analysis and asset prioritization.
The objective: Policies and procedures should be established to ensure that a risk analysis and asset prioritization are part of the incident evaluation process.
One of the steps is:
220.127.116.11 Verify that the risk analysis includes risks such as loss of intellectual property; revenue loss from business interruptions; and loss from liability of business partners and noncompliance with legal, regulatory and standards requirements
Does it refer to IT Security only? Risk analysis here is in which part? I work at a bank; is the risk analysis here bank-wide or per unit/division? Do they need to define the risk? And does each unit report it to IT security if it's related to security?
And about asset prioritization, what does it mean? Which division keeps the data?
Thanks a lot!