Jingga/Organization-Guide
1
0
Fork 0
mirror of https://github.com/Karaka-Management/Organization-Guide.git synced 2026-01-11 12:58:42 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Update 09_IT_Risk Control Matrix.md

Browse Source 
Signed-off-by: Dennis Eichhorn <spl1nes.com@googlemail.com>
This commit is contained in:
Dennis Eichhorn 2024-03-20 15:16:39 +01:00 committed by GitHub
parent 861aac237b
commit 1d967f0b27
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 7 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
Processes/09_IT_Risk Control Matrix.md
View File

@ -2,13 +2,13 @@
| No. | R | Category | Risk Event | L | C | F | Cause | Mitigation Type | Mitigation Strategy | L* | C* | Changes | Comments | ES | EY | Evidences |
| ---- | -------------------- | --------------------- | ------------------------------------------------------------ | ---- | ---- | ------ | ----- | ------------------- | ------------------------------------------------------------ | ---- | ---- | ------- | -------- | ---- | ---- | --------- |
| 1 | CTO | Operational Risk (IT) | Data loss | 3 | 5 | Daily | | Preventing (System) | Automatic daily local backups | 1 | 1 | | | | | [Cron](https://github.com/Karaka-Management/Build/blob/master/Backup/cron.sh) |
| 2 | CTO | Operational Risk (IT) | Data loss | 3 | 5 | Daily | | Preventing (System) | Automatic daily backups to external/remote service providers | 1 | 1 | | | | | [Cron](https://github.com/Karaka-Management/Build/blob/master/Backup/cron.sh) |
| 3 | CTO | Operational Risk (IT) | Data loss | 3 | 5 | Daily | | Preventing (Manual) | Quarterly manual backups for long-term storage | 1 | 3 | | | | | |
| 4 | CTO | Operational Risk (IT) | Corrupted backup data | 2 | 3 | Daily | | Revealing (System) | Automatic data integrity validation of daily backups | 1 | 3 | | | | | [Cron](https://github.com/Karaka-Management/Build/blob/master/Backup/cron.sh) |
| 5 | HOD, head of IT, CTO | Operational Risk (IT) | Emplyees have access to files or functions outside of their competencies | 4 | 4 | Daily | | Preventing (Manual) | Employee permissions are defined in a general Permission List. Deviations must be approved | 1 | 4 | | | | | [Permission List](https://github.com/Karaka-Management/Organization-Guide/blob/master/Processes/IT/Permission%20List.md) |
| 6 | head of IT, CTO | Operational Risk (IT) | Software causes problems | 3 | 3 | Weekly | | Preventing (Manual) | New software and software updates must be tested in a sandbox environment | 1 | 1 | | | | [Third Party Software Validation - New](https://github.com/Karaka-Management/Organization-Guide/blob/master/Processes/IT/Third%20Party%20Software%20Validation%20-%20New.md)<br />[Third Party Software Validation - Update](https://github.com/Karaka-Management/Organization-Guide/blob/master/Processes/IT/Third%20Party%20Software%20Validation%20-%20Update.md) | |
| 7 | HOD, head of IT, CTO | Operational Risk (IT) | Unauthorized software. | 3 | 5 | Weekly | | Preventing (Manual) | New software must be approved | 1 | 2 | | | | | [Third Party Software Validation - New](https://github.com/Karaka-Management/Organization-Guide/blob/master/Processes/IT/Third%20Party%20Software%20Validation%20-%20New.md) |
| 1 | CTO | Operational Risk (IT) | Data loss | 3 | 5 | Daily | | Preventing (System) | Automatic daily local backups | 1 | 1 | | | YES | YES | [Cron](https://github.com/Karaka-Management/Build/blob/master/Backup/cron.sh) |
| 2 | CTO | Operational Risk (IT) | Data loss | 3 | 5 | Daily | | Preventing (System) | Automatic daily backups to external/remote service providers | 1 | 1 | | | YES | YES | [Cron](https://github.com/Karaka-Management/Build/blob/master/Backup/cron.sh) |
| 3 | CTO | Operational Risk (IT) | Data loss | 3 | 5 | Daily | | Preventing (Manual) | Quarterly manual backups for long-term storage | 1 | 3 | | | YES | YES | |
| 4 | CTO | Operational Risk (IT) | Corrupted backup data | 2 | 3 | Daily | | Revealing (System) | Automatic data integrity validation of daily backups | 1 | 3 | | | YES | YES | [Cron](https://github.com/Karaka-Management/Build/blob/master/Backup/cron.sh) |
| 5 | HOD, head of IT, CTO | Operational Risk (IT) | Emplyees have access to files or functions outside of their competencies | 4 | 4 | Daily | | Preventing (Manual) | Employee permissions are defined in a general Permission List. Deviations must be approved | 1 | 4 | | | YES | YES | [Permission List](https://github.com/Karaka-Management/Organization-Guide/blob/master/Processes/IT/Permission%20List.md) |
| 6 | head of IT, CTO | Operational Risk (IT) | Software causes problems | 3 | 3 | Weekly | | Preventing (Manual) | New software and software updates must be tested in a sandbox environment | 1 | 1 | | | YES | YES | [Third Party Software Validation - New](https://github.com/Karaka-Management/Organization-Guide/blob/master/Processes/IT/Third%20Party%20Software%20Validation%20-%20New.md)<br />[Third Party Software Validation - Update](https://github.com/Karaka-Management/Organization-Guide/blob/master/Processes/IT/Third%20Party%20Software%20Validation%20-%20Update.md) |
| 7 | HOD, head of IT, CTO | Operational Risk (IT) | Unauthorized software. | 3 | 5 | Weekly | | Preventing (Manual) | New software must be approved | 1 | 2 | | | YES | YES | [Third Party Software Validation - New](https://github.com/Karaka-Management/Organization-Guide/blob/master/Processes/IT/Third%20Party%20Software%20Validation%20-%20New.md) |
## Abbreviations