3.2 Cyber Security Risk Management and Compliance

No: 381000091275

Date(g): 24/5/2017 | Date(h): 28/8/1438

Effective from May 24 2017 - May 23 2017
To view other versions open the versions tab on the right

Risk management is the ongoing process of identifying, analyzing, responding and monitoring and reviewing risks. The cyber security risk management process focusses specifically on managing risks related to cyber security. In order to manage cyber security risks, Member Organizations should:
•	identify their cyber security risks - cyber security risk identification;
•	determine the likelihood that cyber security risks will occur and the resulting impact - cyber security risk analysis;
•	determine the appropriate response to cyber security risks and select relevant controls - cyber security risk response;
•	monitor the cyber security risk treatment and review control effectiveness - cyber security risk monitoring and review.
The compliance with the cyber security controls should be subject to periodic review and audit.