D10 Target object scope |
IT Definition of Scope and Framework |
A.3 Generation of risk management context |
Input data |
|
IT Definition of Scope and Framework - CGF |
A.3 Generation of risk management context |
Input data |
|
IT Definition of Scope and Framework - ERM |
A.3 Generation of risk management context |
Input data |
|
IT Definition of Scope and Framework - ICS |
A.3 Generation of risk management context |
Input data |
D11 Assessment scope |
IT Definition of Scope and Framework |
A.3 Generation of risk management context |
Input data |
|
IT Definition of Scope and Framework - CGF |
A.3 Generation of risk management context |
Input data |
|
IT Definition of Scope and Framework - ERM |
A.3 Generation of risk management context |
Input data |
|
IT Definition of Scope and Framework - ICS |
A.3 Generation of risk management context |
Input data |
D12 Role defs. for assessment |
IT Definition of Scope and Framework |
A.3 Generation of risk management context |
Input data |
|
IT Definition of Scope and Framework - CGF |
A.3 Generation of risk management context |
Input data |
|
IT Definition of Scope and Framework - ERM |
A.3 Generation of risk management context |
Input data |
|
IT Definition of Scope and Framework - ICS |
A.3 Generation of risk management context |
Input data |
D13 Assessment plan add. info |
IT Definition of Scope and Framework - ICS |
A.3 Generation of risk management context |
Output data |
D14 Role participants |
IT Definition of Scope and Framework |
A.3 Generation of risk management context |
Output data |
|
IT Definition of Scope and Framework - CGF |
A.3 Generation of risk management context |
Output data |
|
IT Definition of Scope and Framework - ERM |
A.3 Generation of risk management context |
Output data |
|
IT Definition of Scope and Framework - ICS |
A.3 Generation of risk management context |
Output data |
D15 Add. considered activities |
IT Definition of Scope and Framework |
A.3 Generation of risk management context |
Output data |
|
IT Definition of Scope and Framework - CGF |
A.3 Generation of risk management context |
Output data |
|
IT Definition of Scope and Framework - ERM |
A.3 Generation of risk management context |
Output data |
|
IT Definition of Scope and Framework - ICS |
A.3 Generation of risk management context |
Output data |
|
IT Risk Treatment |
A.11 Implementation of action plan |
Input data |
|
IT Risk Treatment - CGF |
A.11 Implementation of action plan |
Input data |
|
IT Risk Treatment - ERM |
A.11 Implementation of action plan |
Input data |
|
IT Risk Treatment - ICS |
A.11 Implementation of action plan |
Input data |
D16 Org./proc. to be assessed |
IT Definition of Scope and Framework |
A.3 Generation of risk management context |
Output data |
|
IT Definition of Scope and Framework - CGF |
A.3 Generation of risk management context |
Output data |
|
IT Definition of Scope and Framework - ERM |
A.3 Generation of risk management context |
Output data |
|
IT Definition of Scope and Framework - ICS |
A.3 Generation of risk management context |
Output data |
D17 Risk id methodology |
Assess and evaluate IT risks ICS |
Asse1 |
Data |
|
Assess and evaluate IT risks ICS |
Assess risks in IT service(s) DP |
Mapping Source |
|
Assess risks ICS ERM |
Asse2 |
Data |
|
Assess risks ICS ERM |
Which estimation method? DP |
Mapping Source |
|
IT Risk Assessment |
A.5 Identification of risks |
Input data |
|
IT Risk Assessment - CGF |
A.5 Identification of risks |
Input data |
|
IT Risk Assessment - ERM |
A.5 Identification of risks |
Input data |
|
IT Risk Assessment - ICS |
A.5 Identification of risks |
Input data |
|
IT Risk Assessment - ICS |
Exchange Data2 |
Data |
D18 Impact statements |
IT Risk Assessment |
A.5 Identification of risks |
Input data |
|
IT Risk Assessment - CGF |
A.5 Identification of risks |
Input data |
|
IT Risk Assessment - ERM |
A.5 Identification of risks |
Input data |
|
IT Risk Assessment - ICS |
A.5 Identification of risks |
Input data |
D19 Historical information |
IT Risk Assessment |
A.5 Identification of risks |
Input data |
|
IT Risk Assessment - CGF |
A.5 Identification of risks |
Input data |
|
IT Risk Assessment - ERM |
A.5 Identification of risks |
Input data |
|
IT Risk Assessment - ICS |
A.5 Identification of risks |
Input data |
D1 Market info |
IT Definition of Scope and Framework - ICS |
A.1 Definition of external environment |
Input data |
D20 Assessment tools |
IT Risk Assessment |
A.5 Identification of risks |
Input data |
|
IT Risk Assessment - CGF |
A.5 Identification of risks |
Input data |
|
IT Risk Assessment - ERM |
A.5 Identification of risks |
Input data |
|
IT Risk Assessment - ICS |
A.5 Identification of risks |
Input data |
D21 Relevant threats |
Assess and evaluate IT risks ICS |
Asse1 |
Data |
|
Assess and evaluate IT risks ICS |
Assess risks in IT service(s) DP |
Mapping Source |
|
Assess risks ICS ERM |
Asse1 |
Data |
|
Assess risks ICS ERM |
Identify relevant process risks DP |
Mapping Source |
|
Identify events ERM |
Consider range of potential events DP |
Mapping Source |
|
Identify events ERM |
Ide1 |
Data |
|
IT Risk Assessment |
A.5 Identification of risks |
Output data |
|
IT Risk Assessment |
A.6 Analysis of relevant risks |
Input data |
|
IT Risk Assessment - CGF |
A.5 Identification of risks |
Output data |
|
IT Risk Assessment - CGF |
A.6 Analysis of relevant risks |
Input data |
|
IT Risk Assessment - ERM |
A.5 Identification of risks |
Output data |
|
IT Risk Assessment - ERM |
A.6 Analysis of relevant risks |
Input data |
|
IT Risk Assessment - ERM |
Data Port |
Mapping Target |
|
IT Risk Assessment - ERM |
Exchange Data2 |
Data |
|
IT Risk Assessment - ICS |
A.5 Identification of risks |
Output data |
|
IT Risk Assessment - ICS |
A.6 Analysis of relevant risks |
Input data |
|
IT Risk Assessment - ICS |
Data Port |
Mapping Target |
|
IT Risk Assessment - ICS |
Data Port |
Mapping Target |
|
IT Risk Assessment - ICS |
Exchange Data2 |
Data |
D22 Relevant vulnerabilities |
Assess and evaluate IT risks ICS |
Asse1 |
Data |
|
Assess and evaluate IT risks ICS |
Assess risks in IT service(s) DP |
Mapping Source |
|
Assess risks ICS ERM |
Asse1 |
Data |
|
Assess risks ICS ERM |
Identify relevant process risks DP |
Mapping Source |
|
Identify events ERM |
Consider range of potential events DP |
Mapping Source |
|
Identify events ERM |
Ide1 |
Data |
|
IT Risk Assessment |
A.5 Identification of risks |
Output data |
|
IT Risk Assessment |
A.6 Analysis of relevant risks |
Input data |
|
IT Risk Assessment - CGF |
A.5 Identification of risks |
Output data |
|
IT Risk Assessment - CGF |
A.6 Analysis of relevant risks |
Input data |
|
IT Risk Assessment - ERM |
A.5 Identification of risks |
Output data |
|
IT Risk Assessment - ERM |
A.6 Analysis of relevant risks |
Input data |
|
IT Risk Assessment - ERM |
Exchange Data2 |
Data |
|
IT Risk Assessment - ICS |
A.5 Identification of risks |
Output data |
|
IT Risk Assessment - ICS |
A.6 Analysis of relevant risks |
Input data |
|
IT Risk Assessment - ICS |
Exchange Data2 |
Data |
D23 Relevant impacts |
Assess and evaluate IT risks ICS |
Asse1 |
Data |
|
Assess and evaluate IT risks ICS |
Assess risks in IT service(s) DP |
Mapping Source |
|
Assess risks ICS ERM |
Asse3 |
Data |
|
Assess risks ICS ERM |
Estimate likelihood and impact DP |
Mapping Source |
|
Identify events ERM |
Consider range of potential events DP |
Mapping Source |
|
Identify events ERM |
Ide1 |
Data |
|
IT Risk Assessment |
A.5 Identification of risks |
Output data |
|
IT Risk Assessment |
A.6 Analysis of relevant risks |
Input data |
|
IT Risk Assessment - CGF |
A.5 Identification of risks |
Output data |
|
IT Risk Assessment - CGF |
A.6 Analysis of relevant risks |
Input data |
|
IT Risk Assessment - ERM |
A.5 Identification of risks |
Output data |
|
IT Risk Assessment - ERM |
A.6 Analysis of relevant risks |
Input data |
|
IT Risk Assessment - ERM |
Exchange Data2 |
Data |
|
IT Risk Assessment - ICS |
A.5 Identification of risks |
Output data |
|
IT Risk Assessment - ICS |
A.6 Analysis of relevant risks |
Input data |
|
IT Risk Assessment - ICS |
Exchange Data2 |
Data |
D24 Values for assets |
Assess and evaluate IT risks ICS |
Asse1 |
Data |
|
Assess and evaluate IT risks ICS |
Assess risks in IT service(s) DP |
Mapping Source |
|
Assess risks ICS ERM |
Asse3 |
Data |
|
Assess risks ICS ERM |
Estimate likelihood and impact DP |
Mapping Source |
|
IT Risk Assessment - ICS |
Exchange Data2 |
Data |
D25 Identification method doc. |
IT Risk Assessment |
A.5 Identification of risks |
Output data |
|
IT Risk Assessment |
A.6 Analysis of relevant risks |
Input data |
|
IT Risk Assessment - CGF |
A.5 Identification of risks |
Output data |
|
IT Risk Assessment - CGF |
A.6 Analysis of relevant risks |
Input data |
|
IT Risk Assessment - ERM |
A.5 Identification of risks |
Output data |
|
IT Risk Assessment - ERM |
A.6 Analysis of relevant risks |
Input data |
|
IT Risk Assessment - ICS |
A.5 Identification of risks |
Output data |
|
IT Risk Assessment - ICS |
A.6 Analysis of relevant risks |
Input data |
D26 Likelihood data |
Assess and evaluate IT risks ICS |
Asse1 |
Data |
|
Assess and evaluate IT risks ICS |
Assess risks in IT service(s) DP |
Mapping Source |
|
Assess risks ICS ERM |
Asse3 |
Data |
|
Assess risks ICS ERM |
Estimate likelihood and impact DP |
Mapping Source |
|
IT Risk Assessment |
A.5 Identification of risks |
Output data |
|
IT Risk Assessment |
A.6 Analysis of relevant risks |
Input data |
|
IT Risk Assessment - CGF |
A.5 Identification of risks |
Output data |
|
IT Risk Assessment - CGF |
A.6 Analysis of relevant risks |
Input data |
|
IT Risk Assessment - ERM |
A.5 Identification of risks |
Output data |
|
IT Risk Assessment - ERM |
A.6 Analysis of relevant risks |
Input data |
|
IT Risk Assessment - ICS |
A.5 Identification of risks |
Output data |
|
IT Risk Assessment - ICS |
A.6 Analysis of relevant risks |
Input data |
|
IT Risk Assessment - ICS |
Exchange Data2 |
Data |
D27 Disregarded threats just. |
Assess and evaluate IT risks ICS |
Asse1 |
Data |
|
Assess and evaluate IT risks ICS |
Assess risks in IT service(s) DP |
Mapping Source |
|
Assess risks ICS ERM |
Asse1 |
Data |
|
Assess risks ICS ERM |
Identify relevant process risks DP |
Mapping Source |
|
IT Risk Assessment |
A.5 Identification of risks |
Output data |
|
IT Risk Assessment |
A.6 Analysis of relevant risks |
Input data |
|
IT Risk Assessment - CGF |
A.5 Identification of risks |
Output data |
|
IT Risk Assessment - CGF |
A.6 Analysis of relevant risks |
Input data |
|
IT Risk Assessment - ERM |
A.5 Identification of risks |
Output data |
|
IT Risk Assessment - ERM |
A.6 Analysis of relevant risks |
Input data |
|
IT Risk Assessment - ICS |
A.5 Identification of risks |
Output data |
|
IT Risk Assessment - ICS |
A.6 Analysis of relevant risks |
Input data |
|
IT Risk Assessment - ICS |
Exchange Data2 |
Data |
D28 Risk treatment decision |
Assess and evaluate IT risks ICS |
Asse3 |
Data |
|
Assess and evaluate IT risks ICS |
Evaluate risks for IT service(s) DP |
Mapping Source |
|
Define business controls ICS |
Def2 |
Data |
|
Define business controls ICS |
Evaluate applicable types of control activities DP |
Mapping Source |
|
Define IT controls ICS |
Def2 |
Data |
|
Define IT controls ICS |
Identify IT control requirements DP |
Mapping Source |
|
Define risk response ICS ERM |
Def3 |
Data |
|
Define risk response ICS ERM |
Develop implementation plan DP |
Mapping Source |
|
Design IT service |
Des2 |
Data |
|
Design IT service |
Evaluate implementation scenarios DP |
Mapping Source |
|
Develop projects plans |
Dev3 |
Data |
|
Develop projects plans |
Split implement. into smaller projects DP |
Mapping Source |
|
Establish control activities ICS ERM |
Est2 |
Data |
|
Establish control activities ICS ERM |
Establish entity specific controls DP |
Mapping Source |
|
Evaluate Framework implementation scenarios |
Develop different imp. scenarios DP |
Mapping Source |
|
Evaluate Framework implementation scenarios |
Eva2 |
Data |
|
IT Monitor and Review |
A.14 Risk monitoring and reporting |
Input data |
|
IT Monitor and Review - CGF |
A.14 Risk monitoring and reporting |
Input data |
|
IT Monitor and Review - ERM |
A.14 Risk monitoring and reporting |
Input data |
|
IT Monitor and Review - ICS |
A.14 Risk monitoring and reporting |
Input data |
|
IT Risk Acceptance |
A.13 Risk acceptance |
Input data |
|
IT Risk Acceptance - CGF |
A.13 Risk acceptance |
Input data |
|
IT Risk Acceptance - CGF |
Exchange Data1 |
Data |
|
IT Risk Acceptance - ERM |
A.13 Risk acceptance |
Input data |
|
IT Risk Acceptance - ICS |
A.13 Risk acceptance |
Input data |
|
IT Risk Assessment |
A.7 Evaluation of risks |
Output data |
|
IT Risk Assessment - CGF |
A.7 Evaluation of risks |
Output data |
|
IT Risk Assessment - ERM |
A.7 Evaluation of risks |
Output data |
|
IT Risk Assessment - ICS |
A.7 Evaluation of risks |
Output data |
|
IT Risk Treatment |
A.8 Identification of options |
Input data |
|
IT Risk Treatment - CGF |
A.8 Identification of options |
Input data |
|
IT Risk Treatment - ERM |
A.8 Identification of options |
Input data |
|
IT Risk Treatment - ERM |
Exchange Data1 |
Data |
|
IT Risk Treatment - ICS |
A.8 Identification of options |
Input data |
|
IT Risk Treatment - ICS |
Exchange Data1 |
Data |
D29 Add. org. roles |
IT Risk Treatment |
A.9 Development of action plan |
Input data |
|
IT Risk Treatment - CGF |
A.9 Development of action plan |
Input data |
|
IT Risk Treatment - ERM |
A.9 Development of action plan |
Input data |
|
IT Risk Treatment - ICS |
A.9 Development of action plan |
Input data |
D2 Financial & political info |
IT Definition of Scope and Framework - ICS |
A.1 Definition of external environment |
Input data |
D30 Planning methodology |
IT Risk Treatment |
A.9 Development of action plan |
Input data |
|
IT Risk Treatment - CGF |
A.9 Development of action plan |
Input data |
|
IT Risk Treatment - ERM |
A.9 Development of action plan |
Input data |
|
IT Risk Treatment - ICS |
A.9 Development of action plan |
Input data |
D31 Priority scheme |
IT Risk Treatment |
A.9 Development of action plan |
Input data |
|
IT Risk Treatment - CGF |
A.9 Development of action plan |
Input data |
|
IT Risk Treatment - ERM |
A.9 Development of action plan |
Input data |
|
IT Risk Treatment - ICS |
A.9 Development of action plan |
Input data |
D32 Action plan |
Establish control activities ICS ERM |
Est3 |
Data |
|
Establish control activities ICS ERM |
Prioritise monitoring procedures DP |
Mapping Source |
|
IT Monitor and Review |
A.14 Risk monitoring and reporting |
Input data |
|
IT Monitor and Review - CGF |
A.14 Risk monitoring and reporting |
Input data |
|
IT Monitor and Review - ERM |
A.14 Risk monitoring and reporting |
Input data |
|
IT Monitor and Review - ICS |
A.14 Risk monitoring and reporting |
Input data |
|
IT Monitor and Review - ICS |
Data Port |
Mapping Target |
|
IT Monitor and Review - ICS |
Exchange Data2 |
Data |
|
IT Risk Treatment |
A.10 Approval of action plan |
Input data |
|
IT Risk Treatment |
A.9 Development of action plan |
Output data |
|
IT Risk Treatment - CGF |
A.10 Approval of action plan |
Input data |
|
IT Risk Treatment - CGF |
A.9 Development of action plan |
Output data |
|
IT Risk Treatment - ERM |
A.10 Approval of action plan |
Input data |
|
IT Risk Treatment - ERM |
A.9 Development of action plan |
Output data |
|
IT Risk Treatment - ICS |
A.10 Approval of action plan |
Input data |
|
IT Risk Treatment - ICS |
A.9 Development of action plan |
Output data |
|
Monitor business operations ICS ERM |
Mon1 |
Data |
|
Monitor business operations ICS ERM |
Perform ongoing monitoring activities DP |
Mapping Source |
|
Monitor IT operations ICS |
Mon1 |
Data |
|
Monitor IT operations ICS |
Perform ongoing monitoring activities DP |
Mapping Source |
D33 Resource assignment |
IT Monitor and Review |
A.14 Risk monitoring and reporting |
Input data |
|
IT Monitor and Review - CGF |
A.14 Risk monitoring and reporting |
Input data |
|
IT Monitor and Review - ERM |
A.14 Risk monitoring and reporting |
Input data |
|
IT Monitor and Review - ICS |
A.14 Risk monitoring and reporting |
Input data |
|
IT Risk Treatment |
A.9 Development of action plan |
Output data |
|
IT Risk Treatment - CGF |
A.9 Development of action plan |
Output data |
|
IT Risk Treatment - ERM |
A.9 Development of action plan |
Output data |
|
IT Risk Treatment - ICS |
A.9 Development of action plan |
Output data |
D34 Responsibility assignment |
IT Risk Treatment |
A.9 Development of action plan |
Output data |
|
IT Risk Treatment - CGF |
A.9 Development of action plan |
Output data |
|
IT Risk Treatment - ERM |
A.9 Development of action plan |
Output data |
|
IT Risk Treatment - ICS |
A.9 Development of action plan |
Output data |
D35 Reporting scheme |
IT Risk Treatment |
A.11 Implementation of action plan |
Input data |
|
IT Risk Treatment - CGF |
A.11 Implementation of action plan |
Input data |
|
IT Risk Treatment - ERM |
A.11 Implementation of action plan |
Input data |
|
IT Risk Treatment - ICS |
A.11 Implementation of action plan |
Input data |
D36 Implementation cost reporting |
IT Risk Treatment |
A.11 Implementation of action plan |
Input data |
|
IT Risk Treatment - CGF |
A.11 Implementation of action plan |
Input data |
|
IT Risk Treatment - ERM |
A.11 Implementation of action plan |
Input data |
|
IT Risk Treatment - ICS |
A.11 Implementation of action plan |
Input data |
D37 Coordinated activity list |
IT Risk Treatment |
A.11 Implementation of action plan |
Output data |
|
IT Risk Treatment - CGF |
A.11 Implementation of action plan |
Output data |
|
IT Risk Treatment - ERM |
A.11 Implementation of action plan |
Output data |
|
IT Risk Treatment - ICS |
A.11 Implementation of action plan |
Output data |
D38 Project progress reports |
IT Risk Treatment |
A.11 Implementation of action plan |
Output data |
|
IT Risk Treatment - CGF |
A.11 Implementation of action plan |
Output data |
|
IT Risk Treatment - ERM |
A.11 Implementation of action plan |
Output data |
|
IT Risk Treatment - ICS |
A.11 Implementation of action plan |
Output data |
D39 Implement. progress reports |
IT Monitor and Review |
A.14 Risk monitoring and reporting |
Input data |
|
IT Monitor and Review - CGF |
A.14 Risk monitoring and reporting |
Input data |
|
IT Monitor and Review - CGF |
Data Port-168307 |
Mapping Target |
|
IT Monitor and Review - CGF |
Data Port-168307 |
Mapping Target |
|
IT Monitor and Review - ERM |
A.14 Risk monitoring and reporting |
Input data |
|
IT Monitor and Review - ICS |
A.14 Risk monitoring and reporting |
Input data |
|
IT Monitor and Review - ICS |
Data Port |
Mapping Target |
|
IT Monitor and Review - ICS |
Data Port |
Mapping Target |
|
IT Risk Treatment |
A.11 Implementation of action plan |
Output data |
|
IT Risk Treatment - CGF |
A.11 Implementation of action plan |
Output data |
|
IT Risk Treatment - ERM |
A.11 Implementation of action plan |
Output data |
|
IT Risk Treatment - ICS |
A.11 Implementation of action plan |
Output data |
D3 Relevant legal info |
IT Definition of Scope and Framework - CGF |
Data Port-164735 |
Mapping Target |
|
IT Definition of Scope and Framework - CGF |
Data Port-164735 |
Mapping Target |
|
IT Definition of Scope and Framework - ICS |
A.1 Definition of external environment |
Input data |
D40 Overview of costs |
IT Risk Treatment |
A.11 Implementation of action plan |
Output data |
|
IT Risk Treatment - CGF |
A.11 Implementation of action plan |
Output data |
|
IT Risk Treatment - ERM |
A.11 Implementation of action plan |
Output data |
|
IT Risk Treatment - ICS |
A.11 Implementation of action plan |
Output data |
D41 Past risk treatment dec. |
IT Monitor and Review |
A.14 Risk monitoring and reporting |
Input data |
|
IT Monitor and Review - CGF |
A.14 Risk monitoring and reporting |
Input data |
|
IT Monitor and Review - ERM |
A.14 Risk monitoring and reporting |
Input data |
|
IT Monitor and Review - ICS |
A.14 Risk monitoring and reporting |
Input data |
|
IT Risk Acceptance |
A.13 Risk acceptance |
Output data |
|
IT Risk Acceptance - CGF |
A.13 Risk acceptance |
Output data |
|
IT Risk Acceptance - ERM |
A.13 Risk acceptance |
Output data |
|
IT Risk Acceptance - ICS |
A.13 Risk acceptance |
Output data |
D42 Reporting on incidents |
IT Risk Communication |
A.15 Risk communication - risk awareness - consulting |
Input data |
|
IT Risk Communication - CGF |
A.15 Risk communication - risk awareness - consulting |
Input data |
|
IT Risk Communication - ERM |
A.15 Risk communication - risk awareness - consulting |
Input data |
|
IT Risk Communication - ICS |
A.15 Risk communication - risk awareness - consulting |
Input data |
D43 Risk treatment plan info req. |
IT Risk Communication |
A.15 Risk communication - risk awareness - consulting |
Input data |
|
IT Risk Communication - CGF |
A.15 Risk communication - risk awareness - consulting |
Input data |
|
IT Risk Communication - ERM |
A.15 Risk communication - risk awareness - consulting |
Input data |
|
IT Risk Communication - ICS |
A.15 Risk communication - risk awareness - consulting |
Input data |
D44 Relevant sources info |
IT Risk Communication |
A.15 Risk communication - risk awareness - consulting |
Input data |
|
IT Risk Communication - CGF |
A.15 Risk communication - risk awareness - consulting |
Input data |
|
IT Risk Communication - ERM |
A.15 Risk communication - risk awareness - consulting |
Input data |
|
IT Risk Communication - ICS |
A.15 Risk communication - risk awareness - consulting |
Input data |
D45 Consulting reports |
IT Risk Communication |
A.15 Risk communication - risk awareness - consulting |
Input data |
|
IT Risk Communication - CGF |
A.15 Risk communication - risk awareness - consulting |
Input data |
|
IT Risk Communication - ERM |
A.15 Risk communication - risk awareness - consulting |
Input data |
|
IT Risk Communication - ICS |
A.15 Risk communication - risk awareness - consulting |
Input data |
D47 Communication to partners |
Information & communication ICS ERM |
Inf1 |
Data |
|
Information & communication ICS ERM |
Provide actionable information DP |
Mapping Source |
|
IT Risk Communication |
A.15 Risk communication - risk awareness - consulting |
Output data |
|
IT Risk Communication - CGF |
A.15 Risk communication - risk awareness - consulting |
Output data |
|
IT Risk Communication - ERM |
A.15 Risk communication - risk awareness - consulting |
Output data |
|
IT Risk Communication - ICS |
A.15 Risk communication - risk awareness - consulting |
Output data |
|
IT Risk Communication - ICS |
Exchange Data1 |
Data |
D48 Info for stakeholders |
Information & communication ICS ERM |
Inf1 |
Data |
|
Information & communication ICS ERM |
Provide actionable information DP |
Mapping Source |
|
IT Risk Communication |
A.15 Risk communication - risk awareness - consulting |
Output data |
|
IT Risk Communication - CGF |
A.15 Risk communication - risk awareness - consulting |
Output data |
|
IT Risk Communication - ERM |
A.15 Risk communication - risk awareness - consulting |
Output data |
|
IT Risk Communication - ICS |
A.15 Risk communication - risk awareness - consulting |
Output data |
|
IT Risk Communication - ICS |
A.15 Risk communication - risk awareness - consulting DP |
Mapping Target |
|
IT Risk Communication - ICS |
Exchange Data1 |
Data |
D49 Consulting requests |
IT Risk Communication |
A.15 Risk communication - risk awareness - consulting |
Output data |
|
IT Risk Communication - CGF |
A.15 Risk communication - risk awareness - consulting |
Output data |
|
IT Risk Communication - ERM |
A.15 Risk communication - risk awareness - consulting |
Output data |
|
IT Risk Communication - ICS |
A.15 Risk communication - risk awareness - consulting |
Output data |
D4 Environment info |
IT Definition of Scope and Framework - ICS |
A.1 Definition of external environment |
Input data |
D50 Risk communication plan |
Information & communication ICS ERM |
Inf1 |
Data |
|
Information & communication ICS ERM |
Provide actionable information DP |
Mapping Source |
|
IT Risk Communication |
A.15 Risk communication - risk awareness - consulting |
Output data |
|
IT Risk Communication - CGF |
A.15 Risk communication - risk awareness - consulting |
Output data |
|
IT Risk Communication - ERM |
A.15 Risk communication - risk awareness - consulting |
Output data |
|
IT Risk Communication - ICS |
A.15 Risk communication - risk awareness - consulting |
Output data |
|
IT Risk Communication - ICS |
Exchange Data1 |
Data |
D51 Strategy on organization |
IT Definition of Scope and Framework |
A.2 Definition of internal environment |
Input data |
|
IT Definition of Scope and Framework - CGF |
A.2 Definition of internal environment |
Input data |
|
IT Definition of Scope and Framework - CGF |
Data Port |
Mapping Target |
|
IT Definition of Scope and Framework - ERM |
A.2 Definition of internal environment |
Input data |
|
IT Definition of Scope and Framework - ERM |
Data Port-135201 |
Mapping Target |
|
IT Definition of Scope and Framework - ICS |
A.2 Definition of internal environment |
Input data |
|
IT Definition of Scope and Framework - ICS |
Data Port |
Mapping Target |
|
IT Definition of Scope and Framework - ICS |
Data Port |
Mapping Target |
|
IT Definition of Scope and Framework - ICS |
Data Port |
Mapping Target |
|
IT Definition of Scope and Framework - ICS |
Data Port |
Mapping Target |
D52 Desc. internal stakeholders |
IT Definition of Scope and Framework |
A.2 Definition of internal environment |
Input data |
|
IT Definition of Scope and Framework - CGF |
A.2 Definition of internal environment |
Input data |
|
IT Definition of Scope and Framework - ERM |
A.2 Definition of internal environment |
Input data |
|
IT Definition of Scope and Framework - ICS |
A.2 Definition of internal environment |
Input data |
D53 Assets (resources) |
IT Definition of Scope and Framework |
A.2 Definition of internal environment |
Input data |
|
IT Definition of Scope and Framework - CGF |
A.2 Definition of internal environment |
Input data |
|
IT Definition of Scope and Framework - CGF |
Data Port |
Mapping Target |
|
IT Definition of Scope and Framework - CGF |
Data Port |
Mapping Target |
|
IT Definition of Scope and Framework - CGF |
Data Port |
Mapping Target |
|
IT Definition of Scope and Framework - CGF |
Data Port |
Mapping Target |
|
IT Definition of Scope and Framework - CGF |
Data Port |
Mapping Target |
|
IT Definition of Scope and Framework - CGF |
Data Port |
Mapping Target |
|
IT Definition of Scope and Framework - CGF |
Data Port |
Mapping Target |
|
IT Definition of Scope and Framework - CGF |
Data Port |
Mapping Target |
|
IT Definition of Scope and Framework - CGF |
Data Port |
Mapping Target |
|
IT Definition of Scope and Framework - CGF |
Data Port |
Mapping Target |
|
IT Definition of Scope and Framework - CGF |
Data Port |
Mapping Target |
|
IT Definition of Scope and Framework - ERM |
A.2 Definition of internal environment |
Input data |
|
IT Definition of Scope and Framework - ERM |
Data Port-135201 |
Mapping Target |
|
IT Definition of Scope and Framework - ICS |
A.2 Definition of internal environment |
Input data |
|
IT Definition of Scope and Framework - ICS |
Data Port |
Mapping Target |
|
IT Definition of Scope and Framework - ICS |
Data Port |
Mapping Target |
|
IT Definition of Scope and Framework - ICS |
Data Port |
Mapping Target |
|
IT Definition of Scope and Framework - ICS |
Data Port |
Mapping Target |
|
IT Definition of Scope and Framework - ICS |
Data Port |
Mapping Target |
|
IT Definition of Scope and Framework - ICS |
Data Port |
Mapping Target |
D54 Desc. internal roles |
Analyse internal environment ICS ERM |
Ana11 |
Data |
|
Analyse internal environment ICS ERM |
Create common view on enterprise risk management philosophy DP |
Mapping Source |
|
IT Definition of Scope and Framework |
A.2 Definition of internal environment |
Output data |
|
IT Definition of Scope and Framework - CGF |
A.2 Definition of internal environment |
Output data |
|
IT Definition of Scope and Framework - CGF |
Data Port |
Mapping Target |
|
IT Definition of Scope and Framework - CGF |
Exchange Data4 |
Data |
|
IT Definition of Scope and Framework - ERM |
A.2 Definition of internal environment |
Output data |
|
IT Definition of Scope and Framework - ICS |
A.2 Definition of internal environment |
Output data |
|
IT Definition of Scope and Framework - ICS |
Exchange Data9 |
Data |
|
Perform Governance Framework gap analysis |
Per5 |
Data |
D55 Desc. main processes |
Analyse internal environment ICS ERM |
Ana11 |
Data |
|
Analyse internal environment ICS ERM |
Create common view on enterprise risk management philosophy DP |
Mapping Source |
|
IT Definition of Scope and Framework |
A.2 Definition of internal environment |
Output data |
|
IT Definition of Scope and Framework - CGF |
A.2 Definition of internal environment |
Output data |
|
IT Definition of Scope and Framework - CGF |
Exchange Data4 |
Data |
|
IT Definition of Scope and Framework - ERM |
A.2 Definition of internal environment |
Output data |
|
IT Definition of Scope and Framework - ICS |
A.2 Definition of internal environment |
Output data |
|
IT Definition of Scope and Framework - ICS |
Exchange Data9 |
Data |
|
Perform Governance Framework gap analysis |
Analyse AS-IS state in IT DP |
Mapping Source |
|
Perform Governance Framework gap analysis |
Analyse AS-IS state in processes DP |
Mapping Source |
|
Perform Governance Framework gap analysis |
Per4 |
Data |
D56 Desc. internal assets |
Analyse internal environment ICS ERM |
Ana11 |
Data |
|
Analyse internal environment ICS ERM |
Create common view on enterprise risk management philosophy DP |
Mapping Source |
|
IT Definition of Scope and Framework |
A.2 Definition of internal environment |
Output data |
|
IT Definition of Scope and Framework |
A.3 Generation of risk management context |
Input data |
|
IT Definition of Scope and Framework - CGF |
A.2 Definition of internal environment |
Output data |
|
IT Definition of Scope and Framework - CGF |
A.3 Generation of risk management context |
Input data |
|
IT Definition of Scope and Framework - CGF |
Exchange Data4 |
Data |
|
IT Definition of Scope and Framework - ERM |
A.2 Definition of internal environment |
Output data |
|
IT Definition of Scope and Framework - ERM |
A.3 Generation of risk management context |
Input data |
|
IT Definition of Scope and Framework - ICS |
A.2 Definition of internal environment |
Output data |
|
IT Definition of Scope and Framework - ICS |
A.3 Generation of risk management context |
Input data |
|
IT Definition of Scope and Framework - ICS |
Exchange Data9 |
Data |
|
Perform Governance Framework gap analysis |
Per6 |
Data |
D57 Desc. rel. BPs and assets |
Analyse internal environment ICS ERM |
Ana11 |
Data |
|
Analyse internal environment ICS ERM |
Create common view on enterprise risk management philosophy DP |
Mapping Source |
|
Assess IT environment ICS |
Asse2 |
Data |
|
Assess IT environment ICS |
Asses IT environment DP |
Mapping Source |
|
IT Definition of Scope and Framework |
A.2 Definition of internal environment |
Output data |
|
IT Definition of Scope and Framework - CGF |
A.2 Definition of internal environment |
Output data |
|
IT Definition of Scope and Framework - CGF |
Data Port |
Mapping Target |
|
IT Definition of Scope and Framework - CGF |
Exchange Data4 |
Data |
|
IT Definition of Scope and Framework - ERM |
A.2 Definition of internal environment |
Output data |
|
IT Definition of Scope and Framework - ICS |
A.2 Definition of internal environment |
Output data |
|
IT Definition of Scope and Framework - ICS |
Exchange Data9 |
Data |
|
Perform Governance Framework gap analysis |
Analyse AS-IS state in IT DP |
Mapping Source |
|
Perform Governance Framework gap analysis |
Analyse AS-IS state in processes DP |
Mapping Source |
|
Perform Governance Framework gap analysis |
Per4 |
Data |
|
Perform Governance Framework gap analysis |
Per6 |
Data |
D58 List of strategies |
Analyse internal environment ICS ERM |
Agree level of risk appetite DP |
Mapping Source |
|
Analyse internal environment ICS ERM |
Ana11 |
Data |
|
Analyse internal environment ICS ERM |
Create common view on enterprise risk management philosophy DP |
Mapping Source |
|
Evaluate Framework implementation scenarios |
Align road map with company strategy DP |
Mapping Source |
|
Evaluate Framework implementation scenarios |
Eva4 |
Data |
|
IT Definition of Scope and Framework |
A.2 Definition of internal environment |
Output data |
|
IT Definition of Scope and Framework - CGF |
A.2 Definition of internal environment |
Output data |
|
IT Definition of Scope and Framework - CGF |
Exchange Data2 |
Data |
|
IT Definition of Scope and Framework - ERM |
A.2 Definition of internal environment |
Output data |
|
IT Definition of Scope and Framework - ICS |
A.2 Definition of internal environment |
Output data |
|
IT Definition of Scope and Framework - ICS |
Exchange Data9 |
Data |
|
Set objective ICS ERM |
Establish strategic objectives DP |
Mapping Source |
|
Set objective ICS ERM |
Set1 |
Data |
D59 Risk appetite or tolerance |
Analyse internal environment ICS ERM |
Agree level of risk appetite DP |
Mapping Source |
|
Analyse internal environment ICS ERM |
Ana11 |
Data |
|
IT Definition of Scope and Framework |
A.2 Definition of internal environment |
Output data |
|
IT Definition of Scope and Framework - CGF |
A.2 Definition of internal environment |
Output data |
|
IT Definition of Scope and Framework - ERM |
A.2 Definition of internal environment |
Output data |
|
IT Definition of Scope and Framework - ICS |
A.2 Definition of internal environment |
Output data |
|
IT Definition of Scope and Framework - ICS |
Exchange Data9 |
Data |
|
Set objective ICS ERM |
Align with strategy and risk appetite DP |
Mapping Source |
|
Set objective ICS ERM |
Set1 |
Data |
|
Set objective ICS ERM |
Set risk tolerances DP |
Mapping Source |
D5 External stakeholder info |
IT Definition of Scope and Framework - ICS |
A.1 Definition of external environment |
Input data |
D60 Rules for impact acceptance |
IT Definition of Scope and Framework |
A.4 Formulation of impact limit criteria |
Input data |
|
IT Definition of Scope and Framework - CGF |
A.4 Formulation of impact limit criteria |
Input data |
|
IT Definition of Scope and Framework - ERM |
A.4 Formulation of impact limit criteria |
Input data |
|
IT Definition of Scope and Framework - ICS |
A.4 Formulation of impact limit criteria |
Input data |
D61 Asset classification |
IT Definition of Scope and Framework |
A.4 Formulation of impact limit criteria |
Input data |
|
IT Definition of Scope and Framework - CGF |
A.4 Formulation of impact limit criteria |
Input data |
|
IT Definition of Scope and Framework - ERM |
A.4 Formulation of impact limit criteria |
Input data |
|
IT Definition of Scope and Framework - ICS |
A.4 Formulation of impact limit criteria |
Input data |
D62 Assessment activities criteria |
IT Definition of Scope and Framework |
A.4 Formulation of impact limit criteria |
Output data |
|
IT Definition of Scope and Framework - CGF |
A.4 Formulation of impact limit criteria |
Output data |
|
IT Definition of Scope and Framework - ERM |
A.4 Formulation of impact limit criteria |
Output data |
|
IT Definition of Scope and Framework - ICS |
A.4 Formulation of impact limit criteria |
Output data |
|
IT Risk Assessment |
A.7 Evaluation of risks |
Input data |
|
IT Risk Assessment - CGF |
A.7 Evaluation of risks |
Input data |
|
IT Risk Assessment - ERM |
A.7 Evaluation of risks |
Input data |
|
IT Risk Assessment - ICS |
A.7 Evaluation of risks |
Input data |
|
IT Risk Treatment |
A.8 Identification of options |
Input data |
|
IT Risk Treatment - CGF |
A.8 Identification of options |
Input data |
|
IT Risk Treatment - ERM |
A.8 Identification of options |
Input data |
|
IT Risk Treatment - ICS |
A.8 Identification of options |
Input data |
D63 Asset class. scheme |
IT Definition of Scope and Framework |
A.4 Formulation of impact limit criteria |
Output data |
|
IT Definition of Scope and Framework - CGF |
A.4 Formulation of impact limit criteria |
Output data |
|
IT Definition of Scope and Framework - ERM |
A.4 Formulation of impact limit criteria |
Output data |
|
IT Definition of Scope and Framework - ICS |
A.4 Formulation of impact limit criteria |
Output data |
|
IT Risk Assessment |
A.6 Analysis of relevant risks |
Input data |
|
IT Risk Assessment |
A.7 Evaluation of risks |
Input data |
|
IT Risk Assessment - CGF |
A.6 Analysis of relevant risks |
Input data |
|
IT Risk Assessment - CGF |
A.7 Evaluation of risks |
Input data |
|
IT Risk Assessment - ERM |
A.6 Analysis of relevant risks |
Input data |
|
IT Risk Assessment - ERM |
A.7 Evaluation of risks |
Input data |
|
IT Risk Assessment - ICS |
A.6 Analysis of relevant risks |
Input data |
|
IT Risk Assessment - ICS |
A.7 Evaluation of risks |
Input data |
D64 Relevant detailed assets |
IT Risk Assessment |
A.6 Analysis of relevant risks |
Input data |
|
IT Risk Assessment - CGF |
A.6 Analysis of relevant risks |
Input data |
|
IT Risk Assessment - ERM |
A.6 Analysis of relevant risks |
Input data |
|
IT Risk Assessment - ICS |
A.6 Analysis of relevant risks |
Input data |
D65 Risk limits |
IT Risk Assessment |
A.6 Analysis of relevant risks |
Input data |
|
IT Risk Assessment - CGF |
A.6 Analysis of relevant risks |
Input data |
|
IT Risk Assessment - ERM |
A.6 Analysis of relevant risks |
Input data |
|
IT Risk Assessment - ICS |
A.6 Analysis of relevant risks |
Input data |
D66 Existing controls |
IT Risk Assessment |
A.6 Analysis of relevant risks |
Input data |
|
IT Risk Assessment - CGF |
A.6 Analysis of relevant risks |
Input data |
|
IT Risk Assessment - ERM |
A.6 Analysis of relevant risks |
Input data |
|
IT Risk Assessment - ICS |
A.6 Analysis of relevant risks |
Input data |
D67 Classified assets |
IT Risk Assessment |
A.6 Analysis of relevant risks |
Output data |
|
IT Risk Assessment |
A.7 Evaluation of risks |
Input data |
|
IT Risk Assessment - CGF |
A.6 Analysis of relevant risks |
Output data |
|
IT Risk Assessment - CGF |
A.7 Evaluation of risks |
Input data |
|
IT Risk Assessment - ERM |
A.6 Analysis of relevant risks |
Output data |
|
IT Risk Assessment - ERM |
A.7 Evaluation of risks |
Input data |
|
IT Risk Assessment - ICS |
A.6 Analysis of relevant risks |
Output data |
|
IT Risk Assessment - ICS |
A.7 Evaluation of risks |
Input data |
D68 Threats relative to assets |
IT Risk Assessment |
A.6 Analysis of relevant risks |
Output data |
|
IT Risk Assessment |
A.7 Evaluation of risks |
Input data |
|
IT Risk Assessment - CGF |
A.6 Analysis of relevant risks |
Output data |
|
IT Risk Assessment - CGF |
A.7 Evaluation of risks |
Input data |
|
IT Risk Assessment - ERM |
A.6 Analysis of relevant risks |
Output data |
|
IT Risk Assessment - ERM |
A.7 Evaluation of risks |
Input data |
|
IT Risk Assessment - ICS |
A.6 Analysis of relevant risks |
Output data |
|
IT Risk Assessment - ICS |
A.7 Evaluation of risks |
Input data |
D69 Controls relative to assets |
IT Risk Assessment |
A.6 Analysis of relevant risks |
Output data |
|
IT Risk Assessment |
A.7 Evaluation of risks |
Input data |
|
IT Risk Assessment - CGF |
A.6 Analysis of relevant risks |
Output data |
|
IT Risk Assessment - CGF |
A.7 Evaluation of risks |
Input data |
|
IT Risk Assessment - ERM |
A.6 Analysis of relevant risks |
Output data |
|
IT Risk Assessment - ERM |
A.7 Evaluation of risks |
Input data |
|
IT Risk Assessment - ICS |
A.6 Analysis of relevant risks |
Output data |
|
IT Risk Assessment - ICS |
A.7 Evaluation of risks |
Input data |
D6 External environment recs |
IT Definition of Scope and Framework |
A.1 Definition of external environment |
Output data |
|
IT Definition of Scope and Framework - CGF |
A.1 Definition of external environment |
Output data |
|
IT Definition of Scope and Framework - ERM |
A.1 Definition of external environment |
Output data |
|
IT Definition of Scope and Framework - ICS |
A.1 Definition of external environment |
Output data |
D70 Impacts relative to assets |
IT Risk Assessment |
A.6 Analysis of relevant risks |
Output data |
|
IT Risk Assessment |
A.7 Evaluation of risks |
Input data |
|
IT Risk Assessment - CGF |
A.6 Analysis of relevant risks |
Output data |
|
IT Risk Assessment - CGF |
A.7 Evaluation of risks |
Input data |
|
IT Risk Assessment - ERM |
A.6 Analysis of relevant risks |
Output data |
|
IT Risk Assessment - ERM |
A.7 Evaluation of risks |
Input data |
|
IT Risk Assessment - ICS |
A.6 Analysis of relevant risks |
Output data |
|
IT Risk Assessment - ICS |
A.7 Evaluation of risks |
Input data |
D71 Risks relative to assets |
IT Risk Assessment |
A.6 Analysis of relevant risks |
Output data |
|
IT Risk Assessment |
A.7 Evaluation of risks |
Input data |
|
IT Risk Assessment - CGF |
A.6 Analysis of relevant risks |
Output data |
|
IT Risk Assessment - CGF |
A.7 Evaluation of risks |
Input data |
|
IT Risk Assessment - ERM |
A.6 Analysis of relevant risks |
Output data |
|
IT Risk Assessment - ERM |
A.7 Evaluation of risks |
Input data |
|
IT Risk Assessment - ICS |
A.6 Analysis of relevant risks |
Output data |
|
IT Risk Assessment - ICS |
A.7 Evaluation of risks |
Input data |
D72 Risks relative to asset groups |
IT Risk Assessment |
A.6 Analysis of relevant risks |
Output data |
|
IT Risk Assessment |
A.7 Evaluation of risks |
Input data |
|
IT Risk Assessment - CGF |
A.6 Analysis of relevant risks |
Output data |
|
IT Risk Assessment - CGF |
A.7 Evaluation of risks |
Input data |
|
IT Risk Assessment - ERM |
A.6 Analysis of relevant risks |
Output data |
|
IT Risk Assessment - ERM |
A.7 Evaluation of risks |
Input data |
|
IT Risk Assessment - ICS |
A.6 Analysis of relevant risks |
Output data |
|
IT Risk Assessment - ICS |
A.7 Evaluation of risks |
Input data |
D73 Risk treatment options |
IT Risk Treatment |
A.8 Identification of options |
Input data |
|
IT Risk Treatment - CGF |
A.8 Identification of options |
Input data |
|
IT Risk Treatment - ERM |
A.8 Identification of options |
Input data |
|
IT Risk Treatment - ICS |
A.8 Identification of options |
Input data |
D74 Risk limits for criteria |
IT Risk Treatment |
A.8 Identification of options |
Input data |
|
IT Risk Treatment - CGF |
A.8 Identification of options |
Input data |
|
IT Risk Treatment - ERM |
A.8 Identification of options |
Input data |
|
IT Risk Treatment - ICS |
A.8 Identification of options |
Input data |
D75 Class. risk treatment options |
Define risk response ICS ERM |
Def1 |
Data |
|
Define risk response ICS ERM |
Identify risk responses DP |
Mapping Source |
|
IT Risk Treatment |
A.8 Identification of options |
Output data |
|
IT Risk Treatment |
A.9 Development of action plan |
Input data |
|
IT Risk Treatment - CGF |
A.8 Identification of options |
Output data |
|
IT Risk Treatment - CGF |
A.9 Development of action plan |
Input data |
|
IT Risk Treatment - ERM |
A.8 Identification of options |
Output data |
|
IT Risk Treatment - ERM |
A.9 Development of action plan |
Input data |
|
IT Risk Treatment - ICS |
A.8 Identification of options |
Output data |
|
IT Risk Treatment - ICS |
A.9 Development of action plan |
Input data |
|
IT Risk Treatment - ICS |
Exchange Data2 |
Data |
D76 Presentation techniques |
IT Risk Treatment |
A.10 Approval of action plan |
Input data |
|
IT Risk Treatment - CGF |
A.10 Approval of action plan |
Input data |
|
IT Risk Treatment - ERM |
A.10 Approval of action plan |
Input data |
|
IT Risk Treatment - ICS |
A.10 Approval of action plan |
Input data |
D77 Approved Activity Lists |
Assess and evaluate IT risks ICS |
Asse2 |
Data |
|
Assess and evaluate IT risks ICS |
Evaluate risks for IT service(s) DP |
Mapping Source |
|
Define business controls ICS |
Def1 |
Data |
|
Define business controls ICS |
Evaluate applicable types of control activities DP |
Mapping Source |
|
Define IT controls ICS |
Def1 |
Data |
|
Define IT controls ICS |
Identify IT control requirements DP |
Mapping Source |
|
Define risk response ICS ERM |
Def2 |
Data |
|
Define risk response ICS ERM |
Develop implementation plan DP |
Mapping Source |
|
Design IT service |
Des1 |
Data |
|
Design IT service |
Evaluate implementation scenarios DP |
Mapping Source |
|
Develop projects plans |
Dev4 |
Data |
|
Develop projects plans |
Split implement. into smaller projects DP |
Mapping Source |
|
Establish control activities ICS ERM |
Est1 |
Data |
|
Establish control activities ICS ERM |
Establish entity specific controls DP |
Mapping Source |
|
Evaluate Framework implementation scenarios |
Develop different imp. scenarios DP |
Mapping Source |
|
Evaluate Framework implementation scenarios |
Eva3 |
Data |
|
IT Risk Acceptance - ICS |
Exchange Data1 |
Data |
|
IT Risk Treatment |
A.10 Approval of action plan |
Output data |
|
IT Risk Treatment |
A.11 Implementation of action plan |
Input data |
|
IT Risk Treatment - CGF |
A.10 Approval of action plan |
Output data |
|
IT Risk Treatment - CGF |
A.11 Implementation of action plan |
Input data |
|
IT Risk Treatment - CGF |
Exchange Data1 |
Data |
|
IT Risk Treatment - ERM |
A.10 Approval of action plan |
Output data |
|
IT Risk Treatment - ERM |
A.11 Implementation of action plan |
Input data |
|
IT Risk Treatment - ICS |
A.10 Approval of action plan |
Output data |
|
IT Risk Treatment - ICS |
A.11 Implementation of action plan |
Input data |
D78 Evaluated residual risks |
IT Risk Acceptance |
A.13 Risk acceptance |
Input data |
|
IT Risk Acceptance - CGF |
A.13 Risk acceptance |
Input data |
|
IT Risk Acceptance - ERM |
A.13 Risk acceptance |
Input data |
|
IT Risk Acceptance - ICS |
A.13 Risk acceptance |
Input data |
|
IT Risk Treatment |
A.12 Identification of residual risks |
Output data |
|
IT Risk Treatment - CGF |
A.12 Identification of residual risks |
Output data |
|
IT Risk Treatment - ERM |
A.12 Identification of residual risks |
Output data |
|
IT Risk Treatment - ICS |
A.12 Identification of residual risks |
Output data |
D79 External ref. docs |
IT Monitor and Review |
A.14 Risk monitoring and reporting |
Input data |
|
IT Monitor and Review - CGF |
A.14 Risk monitoring and reporting |
Input data |
|
IT Monitor and Review - ERM |
A.14 Risk monitoring and reporting |
Input data |
|
IT Monitor and Review - ICS |
A.14 Risk monitoring and reporting |
Input data |
D7 Laws and regulations |
IT Definition of Scope and Framework |
A.1 Definition of external environment |
Output data |
|
IT Definition of Scope and Framework - CGF |
A.1 Definition of external environment |
Output data |
|
IT Definition of Scope and Framework - CGF |
Exchange Data10 |
Data |
|
IT Definition of Scope and Framework - ERM |
A.1 Definition of external environment |
Output data |
|
IT Definition of Scope and Framework - ICS |
A.1 Definition of external environment |
Output data |
|
Monitor changes in Governance Frameworks |
Mon1 |
Data |
|
Monitor changes in Governance Frameworks |
Monitor changes in best practices DP |
Mapping Source |
D80 Add. internal ref. docs |
IT Monitor and Review |
A.14 Risk monitoring and reporting |
Input data |
|
IT Monitor and Review - CGF |
A.14 Risk monitoring and reporting |
Input data |
|
IT Monitor and Review - ERM |
A.14 Risk monitoring and reporting |
Input data |
|
IT Monitor and Review - ICS |
A.14 Risk monitoring and reporting |
Input data |
D81 Security policies |
IT Monitor and Review |
A.14 Risk monitoring and reporting |
Input data |
|
IT Monitor and Review - CGF |
A.14 Risk monitoring and reporting |
Input data |
|
IT Monitor and Review - ERM |
A.14 Risk monitoring and reporting |
Input data |
|
IT Monitor and Review - ICS |
A.14 Risk monitoring and reporting |
Input data |
D82 Incidents reports |
IT Monitor and Review |
A.14 Risk monitoring and reporting |
Input data |
|
IT Monitor and Review - CGF |
A.14 Risk monitoring and reporting |
Input data |
|
IT Monitor and Review - ERM |
A.14 Risk monitoring and reporting |
Input data |
|
IT Monitor and Review - ICS |
A.14 Risk monitoring and reporting |
Input data |
D83 Internal stakeh. events |
Collect event details ICS |
Col1 |
Data |
|
Collect event details ICS |
Record event details DP |
Mapping Source |
|
Disclose required information |
Disclose required information DP |
Mapping Source |
|
Disclose required information |
Exchange Data1 |
Data |
|
IT Monitor and Review |
A.14 Risk monitoring and reporting |
Output data |
|
IT Monitor and Review - CGF |
A.14 Risk monitoring and reporting |
Output data |
|
IT Monitor and Review - CGF |
Exchange Data3 |
Data |
|
IT Monitor and Review - ERM |
A.14 Risk monitoring and reporting |
Output data |
|
IT Monitor and Review - ICS |
A.14 Risk monitoring and reporting |
Output data |
|
IT Monitor and Review - ICS |
Exchange Data5 |
Data |
|
IT Risk Treatment |
A.12 Identification of residual risks |
Input data |
|
IT Risk Treatment - CGF |
A.12 Identification of residual risks |
Input data |
|
IT Risk Treatment - ERM |
A.12 Identification of residual risks |
Input data |
|
IT Risk Treatment - ICS |
A.12 Identification of residual risks |
Input data |
D84 External parties events |
Collect event details ICS |
Col1 |
Data |
|
Collect event details ICS |
Record event details DP |
Mapping Source |
|
Disclose required information |
Disclose required information DP |
Mapping Source |
|
Disclose required information |
Exchange Data1 |
Data |
|
IT Monitor and Review |
A.14 Risk monitoring and reporting |
Output data |
|
IT Monitor and Review - CGF |
A.14 Risk monitoring and reporting |
Output data |
|
IT Monitor and Review - CGF |
Exchange Data3 |
Data |
|
IT Monitor and Review - ERM |
A.14 Risk monitoring and reporting |
Output data |
|
IT Monitor and Review - ICS |
A.14 Risk monitoring and reporting |
Output data |
|
IT Monitor and Review - ICS |
Exchange Data5 |
Data |
D85 Internal indicators |
Disclose required information |
Disclose required information DP |
Mapping Source |
|
Disclose required information |
Exchange Data1 |
Data |
|
IT Monitor and Review |
A.14 Risk monitoring and reporting |
Output data |
|
IT Monitor and Review - CGF |
A.14 Risk monitoring and reporting |
Output data |
|
IT Monitor and Review - CGF |
Exchange Data3 |
Data |
|
IT Monitor and Review - ERM |
A.14 Risk monitoring and reporting |
Output data |
|
IT Monitor and Review - ICS |
A.14 Risk monitoring and reporting |
Output data |
D86 Cost indicators |
IT Monitor and Review |
A.14 Risk monitoring and reporting |
Output data |
|
IT Monitor and Review - CGF |
A.14 Risk monitoring and reporting |
Output data |
|
IT Monitor and Review - ERM |
A.14 Risk monitoring and reporting |
Output data |
|
IT Monitor and Review - ICS |
A.14 Risk monitoring and reporting |
Output data |
|
IT Risk Treatment |
A.11 Implementation of action plan |
Input data |
|
IT Risk Treatment - CGF |
A.11 Implementation of action plan |
Input data |
|
IT Risk Treatment - ERM |
A.11 Implementation of action plan |
Input data |
|
IT Risk Treatment - ICS |
A.11 Implementation of action plan |
Input data |
D8 Applicable rules |
IT Definition of Scope and Framework |
A.1 Definition of external environment |
Output data |
|
IT Definition of Scope and Framework |
A.2 Definition of internal environment |
Input data |
|
IT Definition of Scope and Framework - CGF |
A.1 Definition of external environment |
Output data |
|
IT Definition of Scope and Framework - CGF |
A.2 Definition of internal environment |
Input data |
|
IT Definition of Scope and Framework - CGF |
Data Port-164735-168020 |
Mapping Target |
|
IT Definition of Scope and Framework - CGF |
Data Port-164735-168020 |
Mapping Target |
|
IT Definition of Scope and Framework - CGF |
Exchange Data10 |
Data |
|
IT Definition of Scope and Framework - ERM |
A.1 Definition of external environment |
Output data |
|
IT Definition of Scope and Framework - ERM |
A.2 Definition of internal environment |
Input data |
|
IT Definition of Scope and Framework - ICS |
A.1 Definition of external environment |
Output data |
|
IT Definition of Scope and Framework - ICS |
A.2 Definition of internal environment |
Input data |
|
Monitor changes in Governance Frameworks |
Mon1 |
Data |
|
Monitor changes in Governance Frameworks |
Monitor changes in best practices DP |
Mapping Source |
D9 Process dependencies |
IT Definition of Scope and Framework |
A.3 Generation of risk management context |
Input data |
|
IT Definition of Scope and Framework - CGF |
A.3 Generation of risk management context |
Input data |
|
IT Definition of Scope and Framework - ERM |
A.3 Generation of risk management context |
Input data |
|
IT Definition of Scope and Framework - ICS |
A.3 Generation of risk management context |
Input data |