This document discusses controls listed in a system of application (SOA) and risk register, noting that there should not be any mismatches between controls listed as applicable in the SOA and those identified in the risk register. It provides an example where a control is marked as applicable in the SOA but is not listed in the risk register, indicating a potential risk was not properly identified. The document recommends reviewing the scope if any such mismatches are found between the SOA and risk register.
Every option has a control attached to it. - Control - 6.1.3 a
SOA - All the applicable controls and non-applicable controls.
Risk register - Yes - A 18.1.5 Regulation of cryptographic controls. SOA - No.
For example, if 12.2.1 is mentioned in the risk register and in the SOA it is not applicable, then it is a mismatch. The scope must be looked at again. Review the scope in such a scenario.
Firewall will block unnecessary traffic, EDR, AV/AM
In SOA - 12.2.1 - Yes
Risk register - but not there
Risk is not identified
Risk is identified but organization is having culture issues