Develop emergency management plans for recovery decision-making and communications, continuity of critical departmental processes, or temporary shutdown of non-critical departments to ensure continuity of operation and governance.

More Uses of the CRISC Toolkit:

  • Analyze impact on, and risk to, essential business functions or information systems to identify acceptable recovery time periods and resource requirements.
  • Stay aware of changes to regulatory requirements and industry best practices to recommend updates to information security policies.
  • Establish that your organization assesses and continuously monitors that all applicable regulatory requirements are met and that security controls are managed and maintained.
  • Drive development of new content, process improvements, and tool adoption to increase customer satisfaction and internal productivity.
  • Ensure you launch, lead and drive the enterprise information security risk management program in line with information security policy, best practices, and leading industry standards.
  • Work with management to identify business and technology risks, the controls that mitigate those risks, and the related opportunities for control improvements.
  • Identify: authority to direct resources to respond to information security incidents or critical deficiencies to ensure secure operations of aristocrat information systems.
  • Determine security requirements by evaluating business strategies and requirements, applying security policies and security best practices.
  • Assure your organization applies identity and access control concepts and practices in accordance with industry standards, security and risk management techniques, and governance/compliance requirements.
  • Control: review the test findings, facilitate the remediation of IT control gaps, and escalate potential issues to management, where necessary.
  • Make sure that your organization organizes high profile hacking scenarios involving internal and external experts to validate enterprise wide system integrity and data confidentiality.
  • Secure that your organization contributes to the development and implementation of a short-term architectural roadmap to reduce risk associated with known and emerging information security threats across the enterprise.
  • Communicate security control gaps to leadership and coordinate organization-wide efforts to remediate and close security control gaps, as appropriate.
  • Be accountable for contributing to system efforts to develop effective IT supervisory policy and guidance, supervisory activities, and IT analysis and thought leadership.
  • Initiate new security projects and identify ways to improve internal security processes and operations while mitigating security related risk.
  • Orchestrate: review regulatory requirements, external policies or standards related to information security, and conduct gap analysis against internal security policies and requirements.
  • Analyze corporate intelligence data to identify trends, patterns, or warnings indicating threats to security of people, assets, information, or infrastructure.
  • Identify opportunities for strategic improvement or mitigation of business interruption and other risks caused by business, regulatory, or industry specific change initiatives.
  • Consult on application or infrastructure development projects to fit systems or infrastructure to the architecture and identify when it is necessary to modify the architecture to accommodate project needs.
  • Validate the key controls with the stakeholders on a periodic basis to provide an early warning to management for timely correction and remediation action.
  • Coordinate: break down raw information and undefined problems into specific, workable components that in turn clearly identify the issues at hand.
  • Lead IT initiatives as necessary to ensure security control measures are addressed and embedded in business-as-usual activities prior to project completion.
  • Control: monitor the implementation of controls and control mitigations for business processes, data protection, applications, and infrastructure.
  • Orchestrate: review investigation reports and translate findings into identification of future risks and actionable plans to protect the enterprise.
  • Establish and sustain organization-wide security technology standards, process improvements, governance processes, and performance metrics.
