Overview
Newly found security gaps, threats, or vulnerabilities from security testing and vulnerability response procedures will be assessed from a risk perspective to prioritize remediation or mitigation activities. Based on the risk assessment, remediation or mitigation planning will be performed to identify the target dates for resolving open items. If the risk assessment results in a change to features, the change will be endorsed to the Security Assessment process.
Risk Assessment
The goal of risk assessment is to understand the impact of the gaps, threats, and vulnerabilities with regard to business operations. It aims to help the business decide whether to accept, avoid, transfer, or reduce the risk associated with each security gap, threat, or vulnerability. To organize the process, it is segmented into the following sub-processes.
Risk Analysis. Similar to the risk analysis performed in Security Assessment, a risk rating is determined that incorporates the severity of the item.
Identify risk mitigation techniques. The goal is to select the right strategy for the action plan by identifying the mitigation technique under which each risk will be managed.
Expected output: a list of risk-analyzed gaps, threats, or vulnerabilities, each with its risk mitigation technique.
Remediation Planning
Based on the risk mitigation technique, every identified gap, threat, or vulnerability should have a remediation timeline. The timeline should specify target dates for mitigating and for remediating the item.
| Gap / Threat / Vulnerability | Risk | Probability | Impact | Risk Rating | Risk mitigation technique | Risk Control | Target Mitigation Date | Target Remediation Date | Action ticket |
|---|---|---|---|---|---|---|---|---|---|
| Insecure VPN certificates | Hacked network due to … | 4 - Likely to happen because of … | 4 - Major damage because … | 16 - High | Accept, Avoid, Transfer, or Reduce | A control description for the chosen mitigation technique. | | | App-123 |