
Use the risk taxonomy when managing risk.


CONTROL ID
12280
CONTROL TYPE
Behavior
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Establish, implement, and maintain a risk assessment program., CC ID: 00687

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • The FI should maintain a risk register which facilitates the monitoring and reporting of risks. Risks of the highest severity should be accorded top priority and monitored closely with regular reporting on the actions that have been taken to mitigate them. The FI should update the risk register peri… (§ 4.5.1, Monetary Authority of Singapore: Technology Risk Management Guidelines)
  • When applying these Guidelines competent authorities should, where relevant, consider the non-exhaustive list of ICT risk sub-categories and risk scenarios as set out in the Annex, noting that the Annex focusses on ICT risks that may result in high severity losses. Competent authorities may exclude… (Title 1 18., Final Report Guidelines on ICT Risk Assessment under the Supervisory Review and Evaluation process (SREP))
  • Financial entities shall monitor the effectiveness of the implementation of their digital operational resilience strategy set out in Article 6(8). They shall map the evolution of ICT risk over time, analyse the frequency, types, magnitude and evolution of ICT-related incidents, in particular cyber-a… (Art. 13.4., Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on digital operational resilience for the financial sector and amending Regulations (EC) No 1060/2009, (EU) No 648/2012, (EU) No 600/2014, (EU) No 909/2014 and (EU) 2016/1011 (Text with EEA relevance))
  • The ability of management to plan for and initiate new activities or products in response to information needs and to address risks that may arise from changing business conditions; (TIER II OBJECTIVES AND PROCEDURES A:1. Bullet 1, FFIEC IT Examination Handbook - Audit, April 2012)