...
E.g. an NDA is a risk management strategy, but that is just general business practice; if you are not signing an NDA, then that is a risk in itself.
Other topics
Job Roles
It’s good to have job rotation and time away from the role, to ensure that there is no systemic or malicious activity happening.
Separation of job roles - e.g. having one person who makes payments and a separate person who sets up new vendors in your system, or having approval processes for setting up new vendors.
Clean desk policy - this is not specifically about having no paper on the desk, but about being aware of the risk of all information when dealing with it.
...
A huge area. It is different if you just have a simple Wi-Fi network and use cloud apps vs. having on-premise servers.
Are you required to share network access with another company?
Are there any regulatory controls that impact your network operations?
Risk Documentation
Risk Response
Accept
Transfer
E.g. insurance
Avoid
Mitigate