Part 4 — Reconcile rapid digital transformation with security and compliance

Dr. Jaber Kakar |

Recall that step 1 is all about developing a solid understanding of security-relevant assets while step 2 deals with determining the criticality of assets in terms of protection goals. In step 3, we have detected security deficiencies through a comparison of required and actually implemented security measures. What is the next step is the subject of this blog post.

Include security deficiencies in your risk inventory

Simply said, step 4 is all about including all security deficiencies in the risk inventory. Where do these security deficiencies or vulnerabilities come from?

On the one hand, through the target-performance comparison discussed in step 3, vulnerabilities are detected which refers to security measures that have either not been implemented at all or have been implemented inadequately. These, of course, represent risks that need to be addressed. On the other hand, in addition to these deficiencies, identified security vulnerabilities from internal or external audits or identified vulnerabilities in the context of service provider management (ISAE 3402) are also included in their entirety in the IT risk inventory.

All risks combined form the risk inventory. It is important to be able to categorize the list of risks in terms of a variety of risk attributes, such as the risk owner, type of risk, etc. Digital solutions offered by SRC offer you a compact, clear summary of risks from various risk domains or areas. Risks can be filtered according to the respective risk attributes to create user-friendly dashboards or reports.

Thanks for reading! If you want to learn more about Security, Risk and Compliance please visit our website or contact us on our social media.