From 6fee78675b12f44b94061c75bc99f509be581c85 Mon Sep 17 00:00:00 2001 From: Dennis Eichhorn Date: Wed, 20 Mar 2024 15:05:09 +0100 Subject: [PATCH] Update 09_IT_Risk Control Matrix.md Signed-off-by: Dennis Eichhorn --- Processes/09_IT_Risk Control Matrix.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/Processes/09_IT_Risk Control Matrix.md b/Processes/09_IT_Risk Control Matrix.md index b985d80..4707a43 100644 --- a/Processes/09_IT_Risk Control Matrix.md +++ b/Processes/09_IT_Risk Control Matrix.md @@ -2,13 +2,13 @@ | No. | R | Category | Risk Event | L | C | F | Cause | Mitigation Type | Mitigation Strategy | L* | C* | Changes | Comments | ES | EY | Evidences | | ---- | -------------------- | --------------------- | ------------------------------------------------------------ | ---- | ---- | ------ | ----- | ------------------- | ------------------------------------------------------------ | ---- | ---- | ------- | -------- | ---- | ---- | --------- | -| 1 | CTO | Operational Risk (IT) | Data loss | | | Daily | | Preventing (System) | Automatic daily local backups | | | | | | | | -| 2 | CTO | Operational Risk (IT) | Data loss | | | Daily | | Preventing (System) | Automatic daily backups to external/remote service providers | | | | | | | | -| 3 | CTO | Operational Risk (IT) | Data loss | | | Daily | | Preventing (Manual) | Quarterly manual backups for long-term storage | | | | | | | | -| 4 | CTO | Operational Risk (IT) | Corrupted backup data | | | Daily | | Revealing (System) | Automatic data integrity validation of daily backups | | | | | | | | -| 5 | HOD, head of IT, CTO | Operational Risk (IT) | Users have receive access to files or functions outside of their competencies | | | Daily | | Preventing (Manual) | User permissions are defined in a general Permission List. Deviations must be approved | | | | | | | | -| 6 | head of IT, CTO | Operational Risk (IT) | Software causes problems | | | Weekly | | Preventing (Manual) | New software and software updates must be tested in a sandbox environment | | | | | | | | -| 7 | HOD, head of IT, CTO | Operational Risk (IT) | Unauthorized software. | | | Weekly | | Preventing (Manual) | New software must be approved | | | | | | | | +| 1 | CTO | Operational Risk (IT) | Data loss | 3 | 5 | Daily | | Preventing (System) | Automatic daily local backups | 1 | 1 | | | | | | +| 2 | CTO | Operational Risk (IT) | Data loss | 3 | 5 | Daily | | Preventing (System) | Automatic daily backups to external/remote service providers | 1 | 1 | | | | | | +| 3 | CTO | Operational Risk (IT) | Data loss | 3 | 5 | Daily | | Preventing (Manual) | Quarterly manual backups for long-term storage | 1 | 3 | | | | | | +| 4 | CTO | Operational Risk (IT) | Corrupted backup data | 2 | 3 | Daily | | Revealing (System) | Automatic data integrity validation of daily backups | 1 | 3 | | | | | | +| 5 | HOD, head of IT, CTO | Operational Risk (IT) | Emplyees have access to files or functions outside of their competencies | 4 | 4 | Daily | | Preventing (Manual) | Employee permissions are defined in a general Permission List. Deviations must be approved | 1 | 4 | | | | | | +| 6 | head of IT, CTO | Operational Risk (IT) | Software causes problems | 3 | 3 | Weekly | | Preventing (Manual) | New software and software updates must be tested in a sandbox environment | 1 | 1 | | | | | | +| 7 | HOD, head of IT, CTO | Operational Risk (IT) | Unauthorized software. | 3 | 5 | Weekly | | Preventing (Manual) | New software must be approved | 1 | 2 | | | | | | ## Abbreviations @@ -26,4 +26,4 @@ * EY: Efficient -2022-01-01 - Version 1.0 \ No newline at end of file +2022-01-01 - Version 1.0