Welcome to Scribd!

2.1c. Multitiered Risk Management

Uploaded by

0% found this document useful (0 votes)

25 views10 pages

This document outlines a three-tiered approach to risk management: Tier 1 addresses risk from an organizational perspective by establishing governance structures; Tier 2 addresses risk from a mission/business process view; and Tier 3 focuses on risk at the information systems level. Trustworthiness and organizational culture that values risk management are also important concepts for effective risk frameworks.

Original Description:

Copyright

Available Formats

PPTX, PDF, TXT or read online from Scribd

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Report this Document

Copyright:

Available Formats

Download as PPTX, PDF, TXT or read online from Scribd

Flag for inappropriate content

0% found this document useful (0 votes)

25 views10 pages

2.1c. Multitiered Risk Management

Uploaded by

ombilin

Copyright:

Available Formats

Download as PPTX, PDF, TXT or read online from Scribd

Flag for inappropriate content

Jump to Page

You are on page 1of 10

Search inside document

MULTITIERED RISK

MANAGEMENT
A three-tiered approach
Tier 1 - Organization
Tier 1 implements the first component of risk management
(i.e., risk framing), providing the context for all risk
management activities carried out by organizations

 Addresses risk from an organizational perspective by

establishing and implementing governance structures that
are consistent with the strategic goals and objectives of
organizations and the requirements defined by federal laws,
directives, policies, regulations, standards, and
missions/business functions.
Tier 1
• Governance structures provide oversight for the risk
management activities conducted by organizations and
include:
• the establishment and implementation of a risk executive
(function);
• the establishment of the organization’s risk management strategy
including the determination of risk tolerance; and
• the development and execution of organization-wide investment
strategies for information resources and information security.
TIER TWO—MISSION/BUSINESS PROCESS VIEW

Tier 2 addresses risk from a mission/business process

perspective by designing, developing, and implementing
mission/business processes that support the
missions/business functions defined at Tier 1

• Risk-Aware Mission/Business Processes

• Enterprise Architecture
• Information Security Architecture
TIER THREE—INFORMATION SYSTEMS
VIEW
 The risk management activities at Tier 3 reflect the
organization’s risk management strategy and any risk
related to the cost, schedule, and performance
requirements for individual information systems
supporting the mission/business functions of
organizations.
TRUST AND TRUSTWORTHINESS
 Trust is an important concept related to risk
management

 Trustworthiness is an attribute of a person or

organization that provides confidence to others of the
qualifications, capabilities, and reliability of that entity
to perform specific tasks and fulfill assigned
responsibilitie
ORGANIZATIONAL CULTURE
 Organizational culture refers to the values, beliefs, and
norms that influence the behaviors and actions of the
senior leaders/executives and individual members of
organizations
Thanks

CISM Chapter2-Info Risk MGMT - Compliance
Document70 pages
CISM Chapter2-Info Risk MGMT - Compliance
Lakshmi
No ratings yet
ELC Assignment No. 2
Document10 pages
ELC Assignment No. 2
Bea Christine
50% (2)
Information Security Risk Management for ISO 27001/ISO 27002, third edition
From Everand
Information Security Risk Management for ISO 27001/ISO 27002, third edition
Alan Calder
Rating: 4 out of 5 stars
4/5 (3)
Security Framework
Document10 pages
Security Framework
Benjamin Ugwu
100% (1)
Unit Ii - Introduction To Risk Management
Document31 pages
Unit Ii - Introduction To Risk Management
Kumar Kn
No ratings yet
Holistic IT Governance
Document13 pages
Holistic IT Governance
Wannachin Chinchaipong
100% (3)
004 C2M2 Reference Cheat Sheet
Document1 page
004 C2M2 Reference Cheat Sheet
albertopaez
No ratings yet
Concise Guide to CompTIA Security +
From Everand
Concise Guide to CompTIA Security +
alasdair gilchrist
Rating: 3 out of 5 stars
3/5 (2)
C2M2 Cheat Sheet V1 - Aug 13 2022
Document2 pages
C2M2 Cheat Sheet V1 - Aug 13 2022
Raúl Alejandro Trigos Angarita
No ratings yet
ISM Notes PDF
Document138 pages
ISM Notes PDF
Ajay Birare
No ratings yet
Undertaking The Risk Management Process: Audience
Document11 pages
Undertaking The Risk Management Process: Audience
arfian yuddy
No ratings yet
Unit 3
Document4 pages
Unit 3
Akash Shukla
No ratings yet
ISO/ IEC 27001:2013 Lead Implementer Training Trainer: Trivesh Sharma, Oyuntugs B
Document7 pages
ISO/ IEC 27001:2013 Lead Implementer Training Trainer: Trivesh Sharma, Oyuntugs B
Trivesh Sharma
No ratings yet
Chapter 4a Risk Management
Document14 pages
Chapter 4a Risk Management
Eliza Coloma
No ratings yet
Three Lines Model Updated
Document13 pages
Three Lines Model Updated
Jose David Pardo Salazar
No ratings yet
Risk Management
Document23 pages
Risk Management
Welanie Tatel
No ratings yet
Information Security and Assurance Risk Management 1
Document22 pages
Information Security and Assurance Risk Management 1
Jenny Apilado
No ratings yet
Information Security Governance
Document14 pages
Information Security Governance
Ala' Esam Zayadeen
No ratings yet
Chapter 6 - Risk Management
Document76 pages
Chapter 6 - Risk Management
--bolabola
No ratings yet
Cat
Document4 pages
Cat
digitisationpartner
No ratings yet
Chapter 4 - Risk Management
Document22 pages
Chapter 4 - Risk Management
Ashura Osip
No ratings yet
ISO 31000 Risk Management Process: Osama Mohammed Quality & Safety Officer
Document25 pages
ISO 31000 Risk Management Process: Osama Mohammed Quality & Safety Officer
wajdi azouzi
No ratings yet
Importance of Risk Management
Document15 pages
Importance of Risk Management
rizalajie wiyono
No ratings yet
IT Security Governance
Document3 pages
IT Security Governance
Rubab Iqbal
No ratings yet
Risk Assessment Frameworks: Rodney Petersen Government Relations Officer Security Task Force Coordinator Educause
Document23 pages
Risk Assessment Frameworks: Rodney Petersen Government Relations Officer Security Task Force Coordinator Educause
Piyush Gupta
No ratings yet
Chapter 4: Risk Management: Nadiatul Qalbi Amalia Rizqi (04191133307)
Document23 pages
Chapter 4: Risk Management: Nadiatul Qalbi Amalia Rizqi (04191133307)
nadxco 1711
No ratings yet
Information Security Management System: ISMS Description
Document4 pages
Information Security Management System: ISMS Description
jakelmeme
No ratings yet
IT Risk Management Framework: Governance & Standards Division
Document24 pages
IT Risk Management Framework: Governance & Standards Division
Mohamed Nazih
No ratings yet
Risk Assessment and Management
Document11 pages
Risk Assessment and Management
Amor Dianne Arat
100% (2)
A Practical Guide To Enterprise Risk Management
Document80 pages
A Practical Guide To Enterprise Risk Management
Adnan Naseem
100% (11)
The Diagram Below Provides An Effective Summary of The Process To Be Followed
Document14 pages
The Diagram Below Provides An Effective Summary of The Process To Be Followed
asifsubhan
No ratings yet
Unit 3
Document6 pages
Unit 3
ayushmakhijani382
No ratings yet
ERM - COSO Application Techniques
Document113 pages
ERM - COSO Application Techniques
Andika Buzz
100% (4)
Co So Enterprise Risk Management Framework
Document2 pages
Co So Enterprise Risk Management Framework
asifsubhan
No ratings yet
Cs-Csps Niap Ism Job Description Eng v1.1
Document7 pages
Cs-Csps Niap Ism Job Description Eng v1.1
daniel hamdani
No ratings yet
Manajemen Risiko
Document53 pages
Manajemen Risiko
arcopiero
No ratings yet
Group Assignment
Document5 pages
Group Assignment
kefyalew T
No ratings yet
Risk Management in Complex Organizational Environments: Thoughts For Records/archives Professionals
Document21 pages
Risk Management in Complex Organizational Environments: Thoughts For Records/archives Professionals
Manfredwang
No ratings yet
Chapter 5 - Planning For Security
Document17 pages
Chapter 5 - Planning For Security
Ashura Osip
No ratings yet
Information Security Management System
Document9 pages
Information Security Management System
Maninder Singh
No ratings yet
ISMS
Document23 pages
ISMS
shivpreetsandhu
100% (1)
Information Security Governance PDF
Document6 pages
Information Security Governance PDF
Rubab Iqbal
No ratings yet
CCISO Course Outline
Document15 pages
CCISO Course Outline
shrikant
No ratings yet
Key Element of Enterprise Risk Management
Document1 page
Key Element of Enterprise Risk Management
Arslan Qadir
No ratings yet
ISO 270012013 ISMSnbspManual
Document137 pages
ISO 270012013 ISMSnbspManual
fitriah adjis
100% (1)
Chapter 1 - BAGOBUSX
Document11 pages
Chapter 1 - BAGOBUSX
Claire Joy Cadorna
No ratings yet
Risk Management
Document9 pages
Risk Management
Chic Voh
No ratings yet
FALLSEM2023-24 BCSE353E ETH VL2023240100871 2023-06-15 Reference-Material-III
Document10 pages
FALLSEM2023-24 BCSE353E ETH VL2023240100871 2023-06-15 Reference-Material-III
adhi lionel
No ratings yet
Enterprise Risk Management Framework and KRIS
Document29 pages
Enterprise Risk Management Framework and KRIS
Harryndra Aufandi Rahardyan
No ratings yet
Unit - Iii Ias
Document21 pages
Unit - Iii Ias
Shubhangi Sharma
No ratings yet
COE 456 Secure Network Systems: Lecture 2: Risk Management (Part I) : Identifying and Assessing Risk
Document44 pages
COE 456 Secure Network Systems: Lecture 2: Risk Management (Part I) : Identifying and Assessing Risk
dayas1979
No ratings yet
ARM 101 Approaches To Risk Management
Document6 pages
ARM 101 Approaches To Risk Management
Salim Yusuf Binali
No ratings yet
A Risk Management Standard
Document16 pages
A Risk Management Standard
okamo
No ratings yet
The IIA's Three Lines Model
Document13 pages
The IIA's Three Lines Model
OSAMA ABUSKAR
No ratings yet
Information Security Governance PDF
Document6 pages
Information Security Governance PDF
dogeveneziano
No ratings yet
Hardening by Auditing: A Handbook for Measurably and Immediately Iimrpving the Security Management of Any Organization
From Everand
Hardening by Auditing: A Handbook for Measurably and Immediately Iimrpving the Security Management of Any Organization
Eugene A. Razzetti
No ratings yet
Mastering Opportunities and Risks in IT Projects: Identifying, anticipating and controlling opportunities and risks: A model for effective management in IT development and operation
From Everand
Mastering Opportunities and Risks in IT Projects: Identifying, anticipating and controlling opportunities and risks: A model for effective management in IT development and operation
Stefan Luckhaus
No ratings yet
Practice Aid: Enterprise Risk Management: Guidance For Practical Implementation and Assessment, 2018
From Everand
Practice Aid: Enterprise Risk Management: Guidance For Practical Implementation and Assessment, 2018
AICPA
No ratings yet
The Chartered Risk Officer
From Everand
The Chartered Risk Officer
Dr. Zulk Shamsuddin
Rating: 5 out of 5 stars
5/5 (1)
The Certified Occupational Risk Manager
From Everand
The Certified Occupational Risk Manager
Dr. Zulk Shamsuddin
No ratings yet