
Estimate the costs of implementing the compliance framework.


CONTROL ID: 07191
CONTROL TYPE: Business Processes
CLASSIFICATION: Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Establish and maintain the scope of the organizational compliance framework and Information Assurance controls., CC ID: 01241

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • Implement the security concept by determining the one-time and recurring costs and expenses required to implement the safeguards. (5 Bullet 3, BSI-Standard 100-2 IT-Grundschutz Methodology, Version 2.0)
  • Determine one-off and repeat costs and expense for the safeguards that are to be implemented (§ 9.5 Subsection 2 Bullet 3, BSI-Standard 200-2 IT-Grundschutz Methodology, Version 1.0)
  • As the budget for implementing security safeguards is always limited in practice, it is necessary to determine how much will need to be invested and how much labour this will entail for each safeguard that is to be implemented. When recording these costs, you must differentiate between one-time and… (§ 9.2 ¶ 1, BSI-Standard 200-2 IT-Grundschutz Methodology, Version 1.0)
  • In this regard it is necessary to ascertain whether all the safeguards initially derived from the requirements can be afforded. If there are safeguards that are not economical, alternative safeguards for fulfilling such requirements should be considered. There are many possible solutions also regard… (§ 9.2 ¶ 2, BSI-Standard 200-2 IT-Grundschutz Methodology, Version 1.0)
  • The Office of the Comptroller of the Currency is authorized to charge the bank an investigation fee or special examination fee when it investigates or examines a third party's activities for the bank. ("Supervisory Reviews of Third-Party Relationships" ¶ 3, Third-Party Relationships Risk Management Guidance, OCC bulletin 2013-29, October 30, 2013)
  • The covered entity's cost to implement and maintain the reasonable security measures to protect against a breach of security relative to its resources. (§ 8-38-3 (c)(3), Code of Alabama Title 8 Chapter 38 Section 8-38-1 thru 8-38-12, Alabama Data Breach Notification Act of 2018)