Include the methods of managing and responding to the risk assessment report in the risk assessment program.
CONTROL ID
06451
CONTROL TYPE
Establish/Maintain Documentation
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS
This Control directly supports the implied Control(s):
  • Establish, implement, and maintain risk assessment procedures., CC ID: 06446

There are no implementation support Controls.
SELECTED AUTHORITY DOCUMENTS COMPLIED WITH
  • In case of the IT-Grundschutz Check to be employed here for Basic Protection, only the basic requirements must be fulfilled. In case of a standard or Core Protection, a separate IT-Grundschutz Check that also includes the standard requirements of the corresponding modules is to be performed within s… (§ 6.3 ¶ 2, BSI-Standard 200-2 IT-Grundschutz Methodology, Version 1.0)
  • Standards and/or procedures for performing information risk assessments shall cover the method of managing and responding to the results of information risk assessments. (SR.01.01.01e, The Standard of Good Practice for Information Security)
  • Standards and/or procedures for performing information risk assessments shall cover the method of managing and responding to the results of information risk assessments. (SR.01.01.01e, The Standard of Good Practice for Information Security, 2013)
  • A risk monitoring and reporting process to monitor changing risk levels and report the results of the process to the board and senior management. (App A Objective 9:2 d., FFIEC Information Technology Examination Handbook - Management, November 2015)
  • Determine whether IT management develops satisfactory measures for defining and monitoring metrics, performance benchmarks, service level agreements, compliance with policies, effectiveness of controls, and quality assurance and control. Determine whether management developed satisfactory reporting … (App A Objective 13, FFIEC Information Technology Examination Handbook - Management, November 2015)
  • Ensure the organization's response plans and procedures include mitigation measures to help prevent further impacts. (Table 2: Mitigation Baseline Security Measures Cell 1, Pipeline Security Guidelines)