Question - Risk Process question

I have a question on how you would deal with top level Risks for an organisation.

I have some Top level Enterprise Risks

e.g. 1. There is a risk of Ransomware on critical business Financial systems gaining unauthorised access encrypting data and the potential for privacy related issues.
2. There is a risk of authorised access due to Vulnerabilities detected on critical business Financial systems impacting the availability of the systems.

I would like to identify / associate the applicable Internal controls, the Assets and all Asset Risks associated to the Assets.

workflow

  1. There is a risk of Ransomware on critical business Financial systems gaining unauthorised access encrypting data and the potential for privacy related issues.

    ----> Asset Identification
    * Asset Risk Issue 1
    * Internal Control 1-N
    * Asset Risk Issue 2
    * Internal Control 1-N
    *
    *
    * Asset Risk Issue “N”
    * Internal Control 1-N
    ----> Vendor Risk
    -----> Projects

I'm not sure I understand your question; perhaps rephrasing it would help. I think it is also best that you understand how risks are related to other components; out of these relationships you can use filters, reports, etc. to gather data.

ref: Risk Management - Google Docs

PS - please keep post subjects to a few words only!

Thanks for the note:
Basically, I have High level risk themes of which lower risk issues (Asset Risks) make up one component of a risk scenario and overall risk rating increasing or decreasing.
In addition to the Asset risk impacting the higher Risk theme scenario, there is the potential for internal control ratings which also (if DE / OE assessed) could impact the Risk theme scenario.

Therefore you have an organisation with key risk themes where Risk management - Business impacts / third party risks and asset risks roll up to.
At the moment, I have created these under Program Goals; however, I struggle with linkage directly to internal controls / policies and exceptions.
In order to get through to the lower level modules you have to go through a mid-tier module.

Is there any way to have a program goal link directly to an internal control or policy or another field from another table?

I just don't know what themes are, I'm sorry; perhaps that is why I'm confused! eramba keeps risk management simple and you will have to adapt to that, well, if using eramba is the plan!

Program goals, as you can see in the documentation, has nothing to do with risk management in eramba. Program goals is there for ISO 27001 certified organisations. I don't think that section will help you on your risk stuff.

Please complete the basic four mandatory trainings BEFORE (yes, caps!) using eramba, make sure you fully understand what eramba does and how (you can ask if you need to, of course) and then, and only then, think about how you will implement it… I'm sorry we can't help much.

Thank you for the post.
I have looked at other techniques and have decided to go with Compliance Packages and mappings linkages to Internal controls and Security Policies.