In Oracle, the risk library would be stored in the eGRCM Risk Registry. I have
generally found standards bodies reluctant to publish a standard list of risks, although
they do publish a standard set of control objectives. To my eye the list of control
objectives is a rewording of the risks: a risk is something that can go wrong, and the
corresponding control objective is to prevent it from going wrong. In this example, we have taken
some of the higher-level control objectives from the appendix and translated them into
risks for illustrative purposes. The following is a screenshot from the eGRCM
Risk Registry:
The controls from Annex A of ISO/IEC 27001 would be stored in the eGRCM Controls
Registry. The statement of applicability can then be derived from the control-to-risk mapping: a control is applicable if it is linked to at least one risk, and a control linked to no risk is a candidate for exclusion, with the justification recorded against it: