mirror of https://github.com/Karaka-Management/Organization-Guide.git synced 2026-01-11 21:08:41 +00:00

Signed-off-by: Dennis Eichhorn <spl1nes.com@googlemail.com>

2024-03-20 15:17:02 +01:00

IT Risk Control Matrix

No.	R	Category	Risk Event	L	C	F	Mitigation Type	Mitigation Strategy	L*	C*	ES	EY	Evidences
1	CTO	Operational Risk (IT)	Data loss	3	5	Daily	Preventing (System)	Automatic daily local backups	1	1	YES	YES	Cron
2	CTO	Operational Risk (IT)	Data loss	3	5	Daily	Preventing (System)	Automatic daily backups to external/remote service providers	1	1	YES	YES	Cron
3	CTO	Operational Risk (IT)	Data loss	3	5	Daily	Preventing (Manual)	Quarterly manual backups for long-term storage	1	3	YES	YES
4	CTO	Operational Risk (IT)	Corrupted backup data	2	3	Daily	Revealing (System)	Automatic data integrity validation of daily backups	1	3	YES	YES	Cron
5	HOD, head of IT, CTO	Operational Risk (IT)	Emplyees have access to files or functions outside of their competencies	4	4	Daily	Preventing (Manual)	Employee permissions are defined in a general Permission List. Deviations must be approved	1	4	YES	YES	Permission List
6	head of IT, CTO	Operational Risk (IT)	Software causes problems	3	3	Weekly	Preventing (Manual)	New software and software updates must be tested in a sandbox environment	1	1	YES	YES	Third Party Software Validation - New Third Party Software Validation - Update
7	HOD, head of IT, CTO	Operational Risk (IT)	Unauthorized software.	3	5	Weekly	Preventing (Manual)	New software must be approved	1	2	YES	YES	Third Party Software Validation - New

Abbreviations

2024-03-20 - Version 2.0