3/15/23, 3:14 PM The 2023 Information Security Thermometer

The 2023 Information Security Thermometer

* Required

3. Information Security Risk


(Estimated completion time: 3 mins)
Enterprise Risk Management (ERM) includes the methods and processes used by organisations to
manage risks and seize opportunities related to the achievement of their objectives. Since ERM is
such a large domain, organisations have established dozens of risk categories under the ERM
banner to create focus areas to manage these risks within acceptable levels. Some of the most
relevant categories facing companies today include:
Compliance risk – relating to compliance with laws and regulations.
Financial risk – relating to monetary resources and cash flow.
Operational risk – includes business disruption, system failure, fraud and cyber-related incidents.
Information security risk management – understanding and responding to factors or possible events that will harm confidentiality, integrity and availability of an information system.

24. In your opinion, how mature is your Enterprise Risk Management (ERM)
function? *

Extremely mature – have a defined risk methodology that manages all risks efficiently

Somewhat mature and is more focused on major risks facing the organisation

Immature and large room for improvement

No ERM capability exists

Don’t know

https://forms.office.com/pages/responsepage.aspx?id=i_oLrX6FCkO1bgA0PMDIoTq8GFulIJxMsoSr_wljBsFUMjI5UU45UjNCN0RSTzU2N0RENj… 1/5

25. Do you have an established Risk Management Committee? *

Yes and represented by senior management across the business

Yes but not represented by business

Not yet but plan to establish shortly

No

Don’t know

26. Does a representative from information security form part of the Risk
Management Committee? *

Yes

Not yet but plan to shortly

No

27. How often do you conduct a formal organisation-wide information
security assessment? *

Twice a year or more

Once a year

Every 2 years

Less frequently than every 2 years

Unplanned – ad hoc or when required

We have not conducted any information risk assessments


28. Which information security risks are reported to the ERM function or Risk
Management Committee and remediated? *

All information security risks are reported and remediated

Medium to critical risks are reported and remediated

Only critical risks are reported and remediated

Only critical risks are reported but hardly remediated

No information security risks are reported or remediated

Don’t know

29. Which tool do you currently use to capture and report organisation risks? *

Microsoft Office (Excel / Word)

Risk management software tool (please specify)

Internally developed tool (i.e. using SharePoint, JIRA etc)

A combination of the above

No tool yet but currently investigating

None

Other


30. Which IT risks are reported to the ERM function or Risk Management
Committee and remediated? *

All IT risks are reported and remediated

Medium to critical risks are reported and remediated

Only critical risks are reported and remediated

Only critical risks are reported but hardly remediated

No IT risks are reported or remediated

Don’t know

31. Which tool do you currently use to capture and report organisation risks? *

Microsoft Office (Excel / Word)

Risk management software tool (please specify)

Internally developed tool (i.e. using SharePoint, JIRA etc)

A combination of the above

No tool yet but currently investigating

None

Other


32. Is there anything you would like to add to the information you have
provided in this section? *

Yes

No
