
Assessment Flow:

- Interviews & Observations: Guided conversations with stakeholders / users & first-hand observations of how they use spaces
- Focus Groups: Interactive sessions to gather input on needs and validate data from other tools
- Personas: Creating portraits of representative users using motivations and behaviors
- Use Case: Define how a future space will be used: Who | Where | Why | How

Assessment Steps:
1. Define and identify the current high level business process and its outcome
2. Select appropriate assessment measures and assess the current process outcome
   a. Process based approach
3. Analyze the results of the outcomes assessed
4. Define high level business requirements
5. Identify the gaps
6. Recommendations and improvement areas

Process based approach:

1. To identify the process map:
   a. The roles that perform each of the tasks
   b. Entities, including assets, impacted by the processes
   c. Application programs affecting the process
   d. Data (tables) affected by the process
   e. Documents used by the process (data and documents used by this process would provide a link to the process that generated the data/documents)
   f. Documents generated by the process
   g. Controls built into the process

2. Level of Maturity of the process
   a. Criticality of the process to the business
   b. Financial implication of the process
   c. Processes involving outsider interaction
   d. Customer interaction processes
   e. Recently changed processes

3. Indicative Checklist
   a. What are the process objectives?
   b. How are they aligned to business objectives?
   c. What are the sources of data for this process? Are these data authenticated?
   d. What are the direct data entries into this process? How are they authenticated?
   e. What are the checks built into the process? What are the stated objectives of these checks? Are they sufficiently robust to achieve the desired objective?
   f. Which are the roles that hold data entry/modification rights in the process? Do these roles have sufficient authority to perform these actions?
   g. What are the implications of such data change/wrong data entry?
   h. What are the checks available for entry of accurate, authorized data only?

Risk Assessment Process

- Identify the assets
- Determine the critical level of assets
- Identify the threats to each critical asset
- Identify the existing countermeasures
- Determine the vulnerability level of each critical asset
- Determine the risk level of each critical asset
- Recommend security upgrades to reduce high levels of risk

Cyber Security Assessment
