Content library
Digital security overview
15: Digiturvan säännöllinen riskienarviointi

How to fill the requirement

Digital security overview

15: Digiturvan säännöllinen riskienarviointi

Task name
Priority
Status
Theme
Policy
Other requirements
Identification and documentation of cyber security risks
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Risk management and leadership
Risk management
35
requirements

Task is fulfilling also these other security requirements

T04: Turvallisuusriskien hallinta
Katakri
13 §: Tietoaineistojen ja tietojärjestelmien tietoturvallisuus
TiHL
24. Responsibility of the controller
GDPR
5. Principles relating to processing of personal data
GDPR
8.3: Information security risk treatment
ISO27k1 Full
1. Task description

The organization proactively seeks to list and assess the likelihood and severity of various cyber security risks. The documentation shall include the following:

  • Description of the risk
  • Evaluated impact and likelihood of the risk
  • Tasks for managing the risk or other treatment options
  • Acceptability of the risk
Evaluation process and documentation of significant security-related changes
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Risk management and leadership
Risk management
30
requirements

Task is fulfilling also these other security requirements

6.3: Planning of changes
ISO27k1 Full
8.1: Operational planning and control
ISO27k1 Full
12.1.2: Change management
ISO27 Full
6.5: Tietojärjestelmien asennus, ylläpito ja päivitys
Self-monitoring
PR.IP-3: Configuration change control processes
NIST
1. Task description

In systematic cyber security work, the impact of significant changes must be assessed in advance and they must be executed in a controlled way. The consequences of unintentional changes must be assessed and efforts made to mitigate possible adverse effects.

Significant changes may include: changes in the organization, operating environment, business processes and data systems. Changes can be identified e.g. through management reviews and other cyber security work.

No items found.