Object Referenced from model Referenced from object Referenced from attribute
D10 Target object scope IT Definition of Scope and Framework A.3 Generation of risk management context Input data
IT Definition of Scope and Framework - CGF A.3 Generation of risk management context Input data
IT Definition of Scope and Framework - ERM A.3 Generation of risk management context Input data
IT Definition of Scope and Framework - ICS A.3 Generation of risk management context Input data
D11 Assessment scope IT Definition of Scope and Framework A.3 Generation of risk management context Input data
IT Definition of Scope and Framework - CGF A.3 Generation of risk management context Input data
IT Definition of Scope and Framework - ERM A.3 Generation of risk management context Input data
IT Definition of Scope and Framework - ICS A.3 Generation of risk management context Input data
D12 Role defs. for assessment IT Definition of Scope and Framework A.3 Generation of risk management context Input data
IT Definition of Scope and Framework - CGF A.3 Generation of risk management context Input data
IT Definition of Scope and Framework - ERM A.3 Generation of risk management context Input data
IT Definition of Scope and Framework - ICS A.3 Generation of risk management context Input data
D13 Assessment plan add. info IT Definition of Scope and Framework - ICS A.3 Generation of risk management context Output data
D14 Role participants IT Definition of Scope and Framework A.3 Generation of risk management context Output data
IT Definition of Scope and Framework - CGF A.3 Generation of risk management context Output data
IT Definition of Scope and Framework - ERM A.3 Generation of risk management context Output data
IT Definition of Scope and Framework - ICS A.3 Generation of risk management context Output data
D15 Add. considered activities IT Definition of Scope and Framework A.3 Generation of risk management context Output data
IT Definition of Scope and Framework - CGF A.3 Generation of risk management context Output data
IT Definition of Scope and Framework - ERM A.3 Generation of risk management context Output data
IT Definition of Scope and Framework - ICS A.3 Generation of risk management context Output data
IT Risk Treatment A.11 Implementation of action plan Input data
IT Risk Treatment - CGF A.11 Implementation of action plan Input data
IT Risk Treatment - ERM A.11 Implementation of action plan Input data
IT Risk Treatment - ICS A.11 Implementation of action plan Input data
D16 Org./proc. to be assessed IT Definition of Scope and Framework A.3 Generation of risk management context Output data
IT Definition of Scope and Framework - CGF A.3 Generation of risk management context Output data
IT Definition of Scope and Framework - ERM A.3 Generation of risk management context Output data
IT Definition of Scope and Framework - ICS A.3 Generation of risk management context Output data
D17 Risk id methodology Assess and evaluate IT risks ICS Asse1 Data
Assess and evaluate IT risks ICS Assess risks in IT service(s) DP Mapping Source
Assess risks ICS ERM Asse2 Data
Assess risks ICS ERM Which estimation method? DP Mapping Source
IT Risk Assessment A.5 Identification of risks Input data
IT Risk Assessment - CGF A.5 Identification of risks Input data
IT Risk Assessment - ERM A.5 Identification of risks Input data
IT Risk Assessment - ICS A.5 Identification of risks Input data
IT Risk Assessment - ICS Exchange Data2 Data
D18 Impact statements IT Risk Assessment A.5 Identification of risks Input data
IT Risk Assessment - CGF A.5 Identification of risks Input data
IT Risk Assessment - ERM A.5 Identification of risks Input data
IT Risk Assessment - ICS A.5 Identification of risks Input data
D19 Historical information IT Risk Assessment A.5 Identification of risks Input data
IT Risk Assessment - CGF A.5 Identification of risks Input data
IT Risk Assessment - ERM A.5 Identification of risks Input data
IT Risk Assessment - ICS A.5 Identification of risks Input data
D1 Market info IT Definition of Scope and Framework - ICS A.1 Definition of external environment Input data
D20 Assessment tools IT Risk Assessment A.5 Identification of risks Input data
IT Risk Assessment - CGF A.5 Identification of risks Input data
IT Risk Assessment - ERM A.5 Identification of risks Input data
IT Risk Assessment - ICS A.5 Identification of risks Input data
D21 Relevant threats Assess and evaluate IT risks ICS Asse1 Data
Assess and evaluate IT risks ICS Assess risks in IT service(s) DP Mapping Source
Assess risks ICS ERM Asse1 Data
Assess risks ICS ERM Identify relevant process risks DP Mapping Source
Identify events ERM Consider range of potential events DP Mapping Source
Identify events ERM Ide1 Data
IT Risk Assessment A.5 Identification of risks Output data
IT Risk Assessment A.6 Analysis of relevant risks Input data
IT Risk Assessment - CGF A.5 Identification of risks Output data
IT Risk Assessment - CGF A.6 Analysis of relevant risks Input data
IT Risk Assessment - ERM A.5 Identification of risks Output data
IT Risk Assessment - ERM A.6 Analysis of relevant risks Input data
IT Risk Assessment - ERM Data Port Mapping Target
IT Risk Assessment - ERM Exchange Data2 Data
IT Risk Assessment - ICS A.5 Identification of risks Output data
IT Risk Assessment - ICS A.6 Analysis of relevant risks Input data
IT Risk Assessment - ICS Data Port Mapping Target
IT Risk Assessment - ICS Data Port Mapping Target
IT Risk Assessment - ICS Exchange Data2 Data
D22 Relevant vulnerabilities Assess and evaluate IT risks ICS Asse1 Data
Assess and evaluate IT risks ICS Assess risks in IT service(s) DP Mapping Source
Assess risks ICS ERM Asse1 Data
Assess risks ICS ERM Identify relevant process risks DP Mapping Source
Identify events ERM Consider range of potential events DP Mapping Source
Identify events ERM Ide1 Data
IT Risk Assessment A.5 Identification of risks Output data
IT Risk Assessment A.6 Analysis of relevant risks Input data
IT Risk Assessment - CGF A.5 Identification of risks Output data
IT Risk Assessment - CGF A.6 Analysis of relevant risks Input data
IT Risk Assessment - ERM A.5 Identification of risks Output data
IT Risk Assessment - ERM A.6 Analysis of relevant risks Input data
IT Risk Assessment - ERM Exchange Data2 Data
IT Risk Assessment - ICS A.5 Identification of risks Output data
IT Risk Assessment - ICS A.6 Analysis of relevant risks Input data
IT Risk Assessment - ICS Exchange Data2 Data
D23 Relevant impacts Assess and evaluate IT risks ICS Asse1 Data
Assess and evaluate IT risks ICS Assess risks in IT service(s) DP Mapping Source
Assess risks ICS ERM Asse3 Data
Assess risks ICS ERM Estimate likelihood and impact DP Mapping Source
Identify events ERM Consider range of potential events DP Mapping Source
Identify events ERM Ide1 Data
IT Risk Assessment A.5 Identification of risks Output data
IT Risk Assessment A.6 Analysis of relevant risks Input data
IT Risk Assessment - CGF A.5 Identification of risks Output data
IT Risk Assessment - CGF A.6 Analysis of relevant risks Input data
IT Risk Assessment - ERM A.5 Identification of risks Output data
IT Risk Assessment - ERM A.6 Analysis of relevant risks Input data
IT Risk Assessment - ERM Exchange Data2 Data
IT Risk Assessment - ICS A.5 Identification of risks Output data
IT Risk Assessment - ICS A.6 Analysis of relevant risks Input data
IT Risk Assessment - ICS Exchange Data2 Data
D24 Values for assets Assess and evaluate IT risks ICS Asse1 Data
Assess and evaluate IT risks ICS Assess risks in IT service(s) DP Mapping Source
Assess risks ICS ERM Asse3 Data
Assess risks ICS ERM Estimate likelihood and impact DP Mapping Source
IT Risk Assessment - ICS Exchange Data2 Data
D25 Identification method doc. IT Risk Assessment A.5 Identification of risks Output data
IT Risk Assessment A.6 Analysis of relevant risks Input data
IT Risk Assessment - CGF A.5 Identification of risks Output data
IT Risk Assessment - CGF A.6 Analysis of relevant risks Input data
IT Risk Assessment - ERM A.5 Identification of risks Output data
IT Risk Assessment - ERM A.6 Analysis of relevant risks Input data
IT Risk Assessment - ICS A.5 Identification of risks Output data
IT Risk Assessment - ICS A.6 Analysis of relevant risks Input data
D26 Likelihood data Assess and evaluate IT risks ICS Asse1 Data
Assess and evaluate IT risks ICS Assess risks in IT service(s) DP Mapping Source
Assess risks ICS ERM Asse3 Data
Assess risks ICS ERM Estimate likelihood and impact DP Mapping Source
IT Risk Assessment A.5 Identification of risks Output data
IT Risk Assessment A.6 Analysis of relevant risks Input data
IT Risk Assessment - CGF A.5 Identification of risks Output data
IT Risk Assessment - CGF A.6 Analysis of relevant risks Input data
IT Risk Assessment - ERM A.5 Identification of risks Output data
IT Risk Assessment - ERM A.6 Analysis of relevant risks Input data
IT Risk Assessment - ICS A.5 Identification of risks Output data
IT Risk Assessment - ICS A.6 Analysis of relevant risks Input data
IT Risk Assessment - ICS Exchange Data2 Data
D27 Disregarded threats just. Assess and evaluate IT risks ICS Asse1 Data
Assess and evaluate IT risks ICS Assess risks in IT service(s) DP Mapping Source
Assess risks ICS ERM Asse1 Data
Assess risks ICS ERM Identify relevant process risks DP Mapping Source
IT Risk Assessment A.5 Identification of risks Output data
IT Risk Assessment A.6 Analysis of relevant risks Input data
IT Risk Assessment - CGF A.5 Identification of risks Output data
IT Risk Assessment - CGF A.6 Analysis of relevant risks Input data
IT Risk Assessment - ERM A.5 Identification of risks Output data
IT Risk Assessment - ERM A.6 Analysis of relevant risks Input data
IT Risk Assessment - ICS A.5 Identification of risks Output data
IT Risk Assessment - ICS A.6 Analysis of relevant risks Input data
IT Risk Assessment - ICS Exchange Data2 Data
D28 Risk treatment decision Assess and evaluate IT risks ICS Asse3 Data
Assess and evaluate IT risks ICS Evaluate risks for IT service(s) DP Mapping Source
Define business controls ICS Def2 Data
Define business controls ICS Evaluate applicable types of control activities DP Mapping Source
Define IT controls ICS Def2 Data
Define IT controls ICS Identify IT control requirements DP Mapping Source
Define risk response ICS ERM Def3 Data
Define risk response ICS ERM Develop implementation plan DP Mapping Source
Design IT service Des2 Data
Design IT service Evaluate implementation scenarios DP Mapping Source
Develop projects plans Dev3 Data
Develop projects plans Split implement. into smaller projects DP Mapping Source
Establish control activities ICS ERM Est2 Data
Establish control activities ICS ERM Establish entity specific controls DP Mapping Source
Evaluate Framework implementation scenarios Develop different imp. scenarios DP Mapping Source
Evaluate Framework implementation scenarios Eva2 Data
IT Monitor and Review A.14 Risk monitoring and reporting Input data
IT Monitor and Review - CGF A.14 Risk monitoring and reporting Input data
IT Monitor and Review - ERM A.14 Risk monitoring and reporting Input data
IT Monitor and Review - ICS A.14 Risk monitoring and reporting Input data
IT Risk Acceptance A.13 Risk acceptance Input data
IT Risk Acceptance - CGF A.13 Risk acceptance Input data
IT Risk Acceptance - CGF Exchange Data1 Data
IT Risk Acceptance - ERM A.13 Risk acceptance Input data
IT Risk Acceptance - ICS A.13 Risk acceptance Input data
IT Risk Assessment A.7 Evaluation of risks Output data
IT Risk Assessment - CGF A.7 Evaluation of risks Output data
IT Risk Assessment - ERM A.7 Evaluation of risks Output data
IT Risk Assessment - ICS A.7 Evaluation of risks Output data
IT Risk Treatment A.8 Identification of options Input data
IT Risk Treatment - CGF A.8 Identification of options Input data
IT Risk Treatment - ERM A.8 Identification of options Input data
IT Risk Treatment - ERM Exchange Data1 Data
IT Risk Treatment - ICS A.8 Identification of options Input data
IT Risk Treatment - ICS Exchange Data1 Data
D29 Add. org. roles IT Risk Treatment A.9 Development of action plan Input data
IT Risk Treatment - CGF A.9 Development of action plan Input data
IT Risk Treatment - ERM A.9 Development of action plan Input data
IT Risk Treatment - ICS A.9 Development of action plan Input data
D2 Financial & political info IT Definition of Scope and Framework - ICS A.1 Definition of external environment Input data
D30 Planning methodology IT Risk Treatment A.9 Development of action plan Input data
IT Risk Treatment - CGF A.9 Development of action plan Input data
IT Risk Treatment - ERM A.9 Development of action plan Input data
IT Risk Treatment - ICS A.9 Development of action plan Input data
D31 Priority scheme IT Risk Treatment A.9 Development of action plan Input data
IT Risk Treatment - CGF A.9 Development of action plan Input data
IT Risk Treatment - ERM A.9 Development of action plan Input data
IT Risk Treatment - ICS A.9 Development of action plan Input data
D32 Action plan Establish control activities ICS ERM Est3 Data
Establish control activities ICS ERM Prioritise monitoring procedures DP Mapping Source
IT Monitor and Review A.14 Risk monitoring and reporting Input data
IT Monitor and Review - CGF A.14 Risk monitoring and reporting Input data
IT Monitor and Review - ERM A.14 Risk monitoring and reporting Input data
IT Monitor and Review - ICS A.14 Risk monitoring and reporting Input data
IT Monitor and Review - ICS Data Port Mapping Target
IT Monitor and Review - ICS Exchange Data2 Data
IT Risk Treatment A.10 Approval of action plan Input data
IT Risk Treatment A.9 Development of action plan Output data
IT Risk Treatment - CGF A.10 Approval of action plan Input data
IT Risk Treatment - CGF A.9 Development of action plan Output data
IT Risk Treatment - ERM A.10 Approval of action plan Input data
IT Risk Treatment - ERM A.9 Development of action plan Output data
IT Risk Treatment - ICS A.10 Approval of action plan Input data
IT Risk Treatment - ICS A.9 Development of action plan Output data
Monitor business operations ICS ERM Mon1 Data
Monitor business operations ICS ERM Perform ongoing monitoring activities DP Mapping Source
Monitor IT operations ICS Mon1 Data
Monitor IT operations ICS Perform ongoing monitoring activities DP Mapping Source
D33 Resource assignment IT Monitor and Review A.14 Risk monitoring and reporting Input data
IT Monitor and Review - CGF A.14 Risk monitoring and reporting Input data
IT Monitor and Review - ERM A.14 Risk monitoring and reporting Input data
IT Monitor and Review - ICS A.14 Risk monitoring and reporting Input data
IT Risk Treatment A.9 Development of action plan Output data
IT Risk Treatment - CGF A.9 Development of action plan Output data
IT Risk Treatment - ERM A.9 Development of action plan Output data
IT Risk Treatment - ICS A.9 Development of action plan Output data
D34 Responsibility assignment IT Risk Treatment A.9 Development of action plan Output data
IT Risk Treatment - CGF A.9 Development of action plan Output data
IT Risk Treatment - ERM A.9 Development of action plan Output data
IT Risk Treatment - ICS A.9 Development of action plan Output data
D35 Reporting scheme IT Risk Treatment A.11 Implementation of action plan Input data
IT Risk Treatment - CGF A.11 Implementation of action plan Input data
IT Risk Treatment - ERM A.11 Implementation of action plan Input data
IT Risk Treatment - ICS A.11 Implementation of action plan Input data
D36 Implementation cost reporting IT Risk Treatment A.11 Implementation of action plan Input data
IT Risk Treatment - CGF A.11 Implementation of action plan Input data
IT Risk Treatment - ERM A.11 Implementation of action plan Input data
IT Risk Treatment - ICS A.11 Implementation of action plan Input data
D37 Coordinated activity list IT Risk Treatment A.11 Implementation of action plan Output data
IT Risk Treatment - CGF A.11 Implementation of action plan Output data
IT Risk Treatment - ERM A.11 Implementation of action plan Output data
IT Risk Treatment - ICS A.11 Implementation of action plan Output data
D38 Project progress reports IT Risk Treatment A.11 Implementation of action plan Output data
IT Risk Treatment - CGF A.11 Implementation of action plan Output data
IT Risk Treatment - ERM A.11 Implementation of action plan Output data
IT Risk Treatment - ICS A.11 Implementation of action plan Output data
D39 Implement. progress reports IT Monitor and Review A.14 Risk monitoring and reporting Input data
IT Monitor and Review - CGF A.14 Risk monitoring and reporting Input data
IT Monitor and Review - CGF Data Port-168307 Mapping Target
IT Monitor and Review - CGF Data Port-168307 Mapping Target
IT Monitor and Review - ERM A.14 Risk monitoring and reporting Input data
IT Monitor and Review - ICS A.14 Risk monitoring and reporting Input data
IT Monitor and Review - ICS Data Port Mapping Target
IT Monitor and Review - ICS Data Port Mapping Target
IT Risk Treatment A.11 Implementation of action plan Output data
IT Risk Treatment - CGF A.11 Implementation of action plan Output data
IT Risk Treatment - ERM A.11 Implementation of action plan Output data
IT Risk Treatment - ICS A.11 Implementation of action plan Output data
D3 Relevant legal info IT Definition of Scope and Framework - CGF Data Port-164735 Mapping Target
IT Definition of Scope and Framework - CGF Data Port-164735 Mapping Target
IT Definition of Scope and Framework - ICS A.1 Definition of external environment Input data
D40 Overview of costs IT Risk Treatment A.11 Implementation of action plan Output data
IT Risk Treatment - CGF A.11 Implementation of action plan Output data
IT Risk Treatment - ERM A.11 Implementation of action plan Output data
IT Risk Treatment - ICS A.11 Implementation of action plan Output data
D41 Past risk treatment dec. IT Monitor and Review A.14 Risk monitoring and reporting Input data
IT Monitor and Review - CGF A.14 Risk monitoring and reporting Input data
IT Monitor and Review - ERM A.14 Risk monitoring and reporting Input data
IT Monitor and Review - ICS A.14 Risk monitoring and reporting Input data
IT Risk Acceptance A.13 Risk acceptance Output data
IT Risk Acceptance - CGF A.13 Risk acceptance Output data
IT Risk Acceptance - ERM A.13 Risk acceptance Output data
IT Risk Acceptance - ICS A.13 Risk acceptance Output data
D42 Reporting on incidents IT Risk Communication A.15 Risk communication - risk awareness - consulting Input data
IT Risk Communication - CGF A.15 Risk communication - risk awareness - consulting Input data
IT Risk Communication - ERM A.15 Risk communication - risk awareness - consulting Input data
IT Risk Communication - ICS A.15 Risk communication - risk awareness - consulting Input data
D43 Risk treatment plan info req. IT Risk Communication A.15 Risk communication - risk awareness - consulting Input data
IT Risk Communication - CGF A.15 Risk communication - risk awareness - consulting Input data
IT Risk Communication - ERM A.15 Risk communication - risk awareness - consulting Input data
IT Risk Communication - ICS A.15 Risk communication - risk awareness - consulting Input data
D44 Relevant sources info IT Risk Communication A.15 Risk communication - risk awareness - consulting Input data
IT Risk Communication - CGF A.15 Risk communication - risk awareness - consulting Input data
IT Risk Communication - ERM A.15 Risk communication - risk awareness - consulting Input data
IT Risk Communication - ICS A.15 Risk communication - risk awareness - consulting Input data
D45 Consulting reports IT Risk Communication A.15 Risk communication - risk awareness - consulting Input data
IT Risk Communication - CGF A.15 Risk communication - risk awareness - consulting Input data
IT Risk Communication - ERM A.15 Risk communication - risk awareness - consulting Input data
IT Risk Communication - ICS A.15 Risk communication - risk awareness - consulting Input data
D47 Communication to partners Information & communication ICS ERM Inf1 Data
Information & communication ICS ERM Provide actionable information DP Mapping Source
IT Risk Communication A.15 Risk communication - risk awareness - consulting Output data
IT Risk Communication - CGF A.15 Risk communication - risk awareness - consulting Output data
IT Risk Communication - ERM A.15 Risk communication - risk awareness - consulting Output data
IT Risk Communication - ICS A.15 Risk communication - risk awareness - consulting Output data
IT Risk Communication - ICS Exchange Data1 Data
D48 Info for stakeholders Information & communication ICS ERM Inf1 Data
Information & communication ICS ERM Provide actionable information DP Mapping Source
IT Risk Communication A.15 Risk communication - risk awareness - consulting Output data
IT Risk Communication - CGF A.15 Risk communication - risk awareness - consulting Output data
IT Risk Communication - ERM A.15 Risk communication - risk awareness - consulting Output data
IT Risk Communication - ICS A.15 Risk communication - risk awareness - consulting Output data
IT Risk Communication - ICS A.15 Risk communication - risk awareness - consulting DP Mapping Target
IT Risk Communication - ICS Exchange Data1 Data
D49 Consulting requests IT Risk Communication A.15 Risk communication - risk awareness - consulting Output data
IT Risk Communication - CGF A.15 Risk communication - risk awareness - consulting Output data
IT Risk Communication - ERM A.15 Risk communication - risk awareness - consulting Output data
IT Risk Communication - ICS A.15 Risk communication - risk awareness - consulting Output data
D4 Environment info IT Definition of Scope and Framework - ICS A.1 Definition of external environment Input data
D50 Risk communication plan Information & communication ICS ERM Inf1 Data
Information & communication ICS ERM Provide actionable information DP Mapping Source
IT Risk Communication A.15 Risk communication - risk awareness - consulting Output data
IT Risk Communication - CGF A.15 Risk communication - risk awareness - consulting Output data
IT Risk Communication - ERM A.15 Risk communication - risk awareness - consulting Output data
IT Risk Communication - ICS A.15 Risk communication - risk awareness - consulting Output data
IT Risk Communication - ICS Exchange Data1 Data
D51 Strategy on organization IT Definition of Scope and Framework A.2 Definition of internal environment Input data
IT Definition of Scope and Framework - CGF A.2 Definition of internal environment Input data
IT Definition of Scope and Framework - CGF Data Port Mapping Target
IT Definition of Scope and Framework - ERM A.2 Definition of internal environment Input data
IT Definition of Scope and Framework - ERM Data Port-135201 Mapping Target
IT Definition of Scope and Framework - ICS A.2 Definition of internal environment Input data
IT Definition of Scope and Framework - ICS Data Port Mapping Target
IT Definition of Scope and Framework - ICS Data Port Mapping Target
IT Definition of Scope and Framework - ICS Data Port Mapping Target
IT Definition of Scope and Framework - ICS Data Port Mapping Target
D52 Desc. internal stakeholders IT Definition of Scope and Framework A.2 Definition of internal environment Input data
IT Definition of Scope and Framework - CGF A.2 Definition of internal environment Input data
IT Definition of Scope and Framework - ERM A.2 Definition of internal environment Input data
IT Definition of Scope and Framework - ICS A.2 Definition of internal environment Input data
D53 Assets (resources) IT Definition of Scope and Framework A.2 Definition of internal environment Input data
IT Definition of Scope and Framework - CGF A.2 Definition of internal environment Input data
IT Definition of Scope and Framework - CGF Data Port Mapping Target
IT Definition of Scope and Framework - CGF Data Port Mapping Target
IT Definition of Scope and Framework - CGF Data Port Mapping Target
IT Definition of Scope and Framework - CGF Data Port Mapping Target
IT Definition of Scope and Framework - CGF Data Port Mapping Target
IT Definition of Scope and Framework - CGF Data Port Mapping Target
IT Definition of Scope and Framework - CGF Data Port Mapping Target
IT Definition of Scope and Framework - CGF Data Port Mapping Target
IT Definition of Scope and Framework - CGF Data Port Mapping Target
IT Definition of Scope and Framework - CGF Data Port Mapping Target
IT Definition of Scope and Framework - CGF Data Port Mapping Target
IT Definition of Scope and Framework - ERM A.2 Definition of internal environment Input data
IT Definition of Scope and Framework - ERM Data Port-135201 Mapping Target
IT Definition of Scope and Framework - ICS A.2 Definition of internal environment Input data
IT Definition of Scope and Framework - ICS Data Port Mapping Target
IT Definition of Scope and Framework - ICS Data Port Mapping Target
IT Definition of Scope and Framework - ICS Data Port Mapping Target
IT Definition of Scope and Framework - ICS Data Port Mapping Target
IT Definition of Scope and Framework - ICS Data Port Mapping Target
IT Definition of Scope and Framework - ICS Data Port Mapping Target
D54 Desc. internal roles Analyse internal environment ICS ERM Ana11 Data
Analyse internal environment ICS ERM Create common view on enterprise risk management philosophy DP Mapping Source
IT Definition of Scope and Framework A.2 Definition of internal environment Output data
IT Definition of Scope and Framework - CGF A.2 Definition of internal environment Output data
IT Definition of Scope and Framework - CGF Data Port Mapping Target
IT Definition of Scope and Framework - CGF Exchange Data4 Data
IT Definition of Scope and Framework - ERM A.2 Definition of internal environment Output data
IT Definition of Scope and Framework - ICS A.2 Definition of internal environment Output data
IT Definition of Scope and Framework - ICS Exchange Data9 Data
Perform Governance Framework gap analysis Per5 Data
D55 Desc. main processes Analyse internal environment ICS ERM Ana11 Data
Analyse internal environment ICS ERM Create common view on enterprise risk management philosophy DP Mapping Source
IT Definition of Scope and Framework A.2 Definition of internal environment Output data
IT Definition of Scope and Framework - CGF A.2 Definition of internal environment Output data
IT Definition of Scope and Framework - CGF Exchange Data4 Data
IT Definition of Scope and Framework - ERM A.2 Definition of internal environment Output data
IT Definition of Scope and Framework - ICS A.2 Definition of internal environment Output data
IT Definition of Scope and Framework - ICS Exchange Data9 Data
Perform Governance Framework gap analysis Analyse AS-IS state in IT DP Mapping Source
Perform Governance Framework gap analysis Analyse AS-IS state in processes DP Mapping Source
Perform Governance Framework gap analysis Per4 Data
D56 Desc. internal assets Analyse internal environment ICS ERM Ana11 Data
Analyse internal environment ICS ERM Create common view on enterprise risk management philosophy DP Mapping Source
IT Definition of Scope and Framework A.2 Definition of internal environment Output data
IT Definition of Scope and Framework A.3 Generation of risk management context Input data
IT Definition of Scope and Framework - CGF A.2 Definition of internal environment Output data
IT Definition of Scope and Framework - CGF A.3 Generation of risk management context Input data
IT Definition of Scope and Framework - CGF Exchange Data4 Data
IT Definition of Scope and Framework - ERM A.2 Definition of internal environment Output data
IT Definition of Scope and Framework - ERM A.3 Generation of risk management context Input data
IT Definition of Scope and Framework - ICS A.2 Definition of internal environment Output data
IT Definition of Scope and Framework - ICS A.3 Generation of risk management context Input data
IT Definition of Scope and Framework - ICS Exchange Data9 Data
Perform Governance Framework gap analysis Per6 Data
D57 Desc. rel. BPs and assets Analyse internal environment ICS ERM Ana11 Data
Analyse internal environment ICS ERM Create common view on enterprise risk management philosophy DP Mapping Source
Assess IT environment ICS Asse2 Data
Assess IT environment ICS Asses IT environment DP Mapping Source
IT Definition of Scope and Framework A.2 Definition of internal environment Output data
IT Definition of Scope and Framework - CGF A.2 Definition of internal environment Output data
IT Definition of Scope and Framework - CGF Data Port Mapping Target
IT Definition of Scope and Framework - CGF Exchange Data4 Data
IT Definition of Scope and Framework - ERM A.2 Definition of internal environment Output data
IT Definition of Scope and Framework - ICS A.2 Definition of internal environment Output data
IT Definition of Scope and Framework - ICS Exchange Data9 Data
Perform Governance Framework gap analysis Analyse AS-IS state in IT DP Mapping Source
Perform Governance Framework gap analysis Analyse AS-IS state in processes DP Mapping Source
Perform Governance Framework gap analysis Per4 Data
Perform Governance Framework gap analysis Per6 Data
D58 List of strategies Analyse internal environment ICS ERM Agree level of risk appetite DP Mapping Source
Analyse internal environment ICS ERM Ana11 Data
Analyse internal environment ICS ERM Create common view on enterprise risk management philosophy DP Mapping Source
Evaluate Framework implementation scenarios Align road map with company strategy DP Mapping Source
Evaluate Framework implementation scenarios Eva4 Data
IT Definition of Scope and Framework A.2 Definition of internal environment Output data
IT Definition of Scope and Framework - CGF A.2 Definition of internal environment Output data
IT Definition of Scope and Framework - CGF Exchange Data2 Data
IT Definition of Scope and Framework - ERM A.2 Definition of internal environment Output data
IT Definition of Scope and Framework - ICS A.2 Definition of internal environment Output data
IT Definition of Scope and Framework - ICS Exchange Data9 Data
Set objective ICS ERM Establish strategic objectives DP Mapping Source
Set objective ICS ERM Set1 Data
D59 Risk appetite or tolerance Analyse internal environment ICS ERM Agree level of risk appetite DP Mapping Source
Analyse internal environment ICS ERM Ana11 Data
IT Definition of Scope and Framework A.2 Definition of internal environment Output data
IT Definition of Scope and Framework - CGF A.2 Definition of internal environment Output data
IT Definition of Scope and Framework - ERM A.2 Definition of internal environment Output data
IT Definition of Scope and Framework - ICS A.2 Definition of internal environment Output data
IT Definition of Scope and Framework - ICS Exchange Data9 Data
Set objective ICS ERM Align with strategy and risk appetite DP Mapping Source
Set objective ICS ERM Set1 Data
Set objective ICS ERM Set risk tolerances DP Mapping Source
D5 External stakeholder info IT Definition of Scope and Framework - ICS A.1 Definition of external environment Input data
D60 Rules for impact acceptance IT Definition of Scope and Framework A.4 Formulation of impact limit criteria Input data
IT Definition of Scope and Framework - CGF A.4 Formulation of impact limit criteria Input data
IT Definition of Scope and Framework - ERM A.4 Formulation of impact limit criteria Input data
IT Definition of Scope and Framework - ICS A.4 Formulation of impact limit criteria Input data
D61 Asset classification IT Definition of Scope and Framework A.4 Formulation of impact limit criteria Input data
IT Definition of Scope and Framework - CGF A.4 Formulation of impact limit criteria Input data
IT Definition of Scope and Framework - ERM A.4 Formulation of impact limit criteria Input data
IT Definition of Scope and Framework - ICS A.4 Formulation of impact limit criteria Input data
D62 Assessment activities criteria IT Definition of Scope and Framework A.4 Formulation of impact limit criteria Output data
IT Definition of Scope and Framework - CGF A.4 Formulation of impact limit criteria Output data
IT Definition of Scope and Framework - ERM A.4 Formulation of impact limit criteria Output data
IT Definition of Scope and Framework - ICS A.4 Formulation of impact limit criteria Output data
IT Risk Assessment A.7 Evaluation of risks Input data
IT Risk Assessment - CGF A.7 Evaluation of risks Input data
IT Risk Assessment - ERM A.7 Evaluation of risks Input data
IT Risk Assessment - ICS A.7 Evaluation of risks Input data
IT Risk Treatment A.8 Identification of options Input data
IT Risk Treatment - CGF A.8 Identification of options Input data
IT Risk Treatment - ERM A.8 Identification of options Input data
IT Risk Treatment - ICS A.8 Identification of options Input data
D63 Asset class. scheme IT Definition of Scope and Framework A.4 Formulation of impact limit criteria Output data
IT Definition of Scope and Framework - CGF A.4 Formulation of impact limit criteria Output data
IT Definition of Scope and Framework - ERM A.4 Formulation of impact limit criteria Output data
IT Definition of Scope and Framework - ICS A.4 Formulation of impact limit criteria Output data
IT Risk Assessment A.6 Analysis of relevant risks Input data
IT Risk Assessment A.7 Evaluation of risks Input data
IT Risk Assessment - CGF A.6 Analysis of relevant risks Input data
IT Risk Assessment - CGF A.7 Evaluation of risks Input data
IT Risk Assessment - ERM A.6 Analysis of relevant risks Input data
IT Risk Assessment - ERM A.7 Evaluation of risks Input data
IT Risk Assessment - ICS A.6 Analysis of relevant risks Input data
IT Risk Assessment - ICS A.7 Evaluation of risks Input data
D64 Relevant detailed assets IT Risk Assessment A.6 Analysis of relevant risks Input data
IT Risk Assessment - CGF A.6 Analysis of relevant risks Input data
IT Risk Assessment - ERM A.6 Analysis of relevant risks Input data
IT Risk Assessment - ICS A.6 Analysis of relevant risks Input data
D65 Risk limits IT Risk Assessment A.6 Analysis of relevant risks Input data
IT Risk Assessment - CGF A.6 Analysis of relevant risks Input data
IT Risk Assessment - ERM A.6 Analysis of relevant risks Input data
IT Risk Assessment - ICS A.6 Analysis of relevant risks Input data
D66 Existing controls IT Risk Assessment A.6 Analysis of relevant risks Input data
IT Risk Assessment - CGF A.6 Analysis of relevant risks Input data
IT Risk Assessment - ERM A.6 Analysis of relevant risks Input data
IT Risk Assessment - ICS A.6 Analysis of relevant risks Input data
D67 Classified assets IT Risk Assessment A.6 Analysis of relevant risks Output data
IT Risk Assessment A.7 Evaluation of risks Input data
IT Risk Assessment - CGF A.6 Analysis of relevant risks Output data
IT Risk Assessment - CGF A.7 Evaluation of risks Input data
IT Risk Assessment - ERM A.6 Analysis of relevant risks Output data
IT Risk Assessment - ERM A.7 Evaluation of risks Input data
IT Risk Assessment - ICS A.6 Analysis of relevant risks Output data
IT Risk Assessment - ICS A.7 Evaluation of risks Input data
D68 Threats relative to assets IT Risk Assessment A.6 Analysis of relevant risks Output data
IT Risk Assessment A.7 Evaluation of risks Input data
IT Risk Assessment - CGF A.6 Analysis of relevant risks Output data
IT Risk Assessment - CGF A.7 Evaluation of risks Input data
IT Risk Assessment - ERM A.6 Analysis of relevant risks Output data
IT Risk Assessment - ERM A.7 Evaluation of risks Input data
IT Risk Assessment - ICS A.6 Analysis of relevant risks Output data
IT Risk Assessment - ICS A.7 Evaluation of risks Input data
D69 Controls relative to assets IT Risk Assessment A.6 Analysis of relevant risks Output data
IT Risk Assessment A.7 Evaluation of risks Input data
IT Risk Assessment - CGF A.6 Analysis of relevant risks Output data
IT Risk Assessment - CGF A.7 Evaluation of risks Input data
IT Risk Assessment - ERM A.6 Analysis of relevant risks Output data
IT Risk Assessment - ERM A.7 Evaluation of risks Input data
IT Risk Assessment - ICS A.6 Analysis of relevant risks Output data
IT Risk Assessment - ICS A.7 Evaluation of risks Input data
D6 External environment recs IT Definition of Scope and Framework A.1 Definition of external environment Output data
IT Definition of Scope and Framework - CGF A.1 Definition of external environment Output data
IT Definition of Scope and Framework - ERM A.1 Definition of external environment Output data
IT Definition of Scope and Framework - ICS A.1 Definition of external environment Output data
D70 Impacts relative to assets IT Risk Assessment A.6 Analysis of relevant risks Output data
IT Risk Assessment A.7 Evaluation of risks Input data
IT Risk Assessment - CGF A.6 Analysis of relevant risks Output data
IT Risk Assessment - CGF A.7 Evaluation of risks Input data
IT Risk Assessment - ERM A.6 Analysis of relevant risks Output data
IT Risk Assessment - ERM A.7 Evaluation of risks Input data
IT Risk Assessment - ICS A.6 Analysis of relevant risks Output data
IT Risk Assessment - ICS A.7 Evaluation of risks Input data
D71 Risks relative to assets IT Risk Assessment A.6 Analysis of relevant risks Output data
IT Risk Assessment A.7 Evaluation of risks Input data
IT Risk Assessment - CGF A.6 Analysis of relevant risks Output data
IT Risk Assessment - CGF A.7 Evaluation of risks Input data
IT Risk Assessment - ERM A.6 Analysis of relevant risks Output data
IT Risk Assessment - ERM A.7 Evaluation of risks Input data
IT Risk Assessment - ICS A.6 Analysis of relevant risks Output data
IT Risk Assessment - ICS A.7 Evaluation of risks Input data
D72 Risks relative to asset groups IT Risk Assessment A.6 Analysis of relevant risks Output data
IT Risk Assessment A.7 Evaluation of risks Input data
IT Risk Assessment - CGF A.6 Analysis of relevant risks Output data
IT Risk Assessment - CGF A.7 Evaluation of risks Input data
IT Risk Assessment - ERM A.6 Analysis of relevant risks Output data
IT Risk Assessment - ERM A.7 Evaluation of risks Input data
IT Risk Assessment - ICS A.6 Analysis of relevant risks Output data
IT Risk Assessment - ICS A.7 Evaluation of risks Input data
D73 Risk treatment options IT Risk Treatment A.8 Identification of options Input data
IT Risk Treatment - CGF A.8 Identification of options Input data
IT Risk Treatment - ERM A.8 Identification of options Input data
IT Risk Treatment - ICS A.8 Identification of options Input data
D74 Risk limits for criteria IT Risk Treatment A.8 Identification of options Input data
IT Risk Treatment - CGF A.8 Identification of options Input data
IT Risk Treatment - ERM A.8 Identification of options Input data
IT Risk Treatment - ICS A.8 Identification of options Input data
D75 Class. risk treatment options Define risk response ICS ERM Def1 Data
Define risk response ICS ERM Identify risk responses DP Mapping Source
IT Risk Treatment A.8 Identification of options Output data
IT Risk Treatment A.9 Development of action plan Input data
IT Risk Treatment - CGF A.8 Identification of options Output data
IT Risk Treatment - CGF A.9 Development of action plan Input data
IT Risk Treatment - ERM A.8 Identification of options Output data
IT Risk Treatment - ERM A.9 Development of action plan Input data
IT Risk Treatment - ICS A.8 Identification of options Output data
IT Risk Treatment - ICS A.9 Development of action plan Input data
IT Risk Treatment - ICS Exchange Data2 Data
D76 Presentation techniques IT Risk Treatment A.10 Approval of action plan Input data
IT Risk Treatment - CGF A.10 Approval of action plan Input data
IT Risk Treatment - ERM A.10 Approval of action plan Input data
IT Risk Treatment - ICS A.10 Approval of action plan Input data
D77 Approved Activity Lists Assess and evaluate IT risks ICS Asse2 Data
Assess and evaluate IT risks ICS Evaluate risks for IT service(s) DP Mapping Source
Define business controls ICS Def1 Data
Define business controls ICS Evaluate applicable types of control activities DP Mapping Source
Define IT controls ICS Def1 Data
Define IT controls ICS Identify IT control requirements DP Mapping Source
Define risk response ICS ERM Def2 Data
Define risk response ICS ERM Develop implementation plan DP Mapping Source
Design IT service Des1 Data
Design IT service Evaluate implementation scenarios DP Mapping Source
Develop projects plans Dev4 Data
Develop projects plans Split implement. into smaller projects DP Mapping Source
Establish control activities ICS ERM Est1 Data
Establish control activities ICS ERM Establish entity specific controls DP Mapping Source
Evaluate Framework implementation scenarios Develop different imp. scenarios DP Mapping Source
Evaluate Framework implementation scenarios Eva3 Data
IT Risk Acceptance - ICS Exchange Data1 Data
IT Risk Treatment A.10 Approval of action plan Output data
IT Risk Treatment A.11 Implementation of action plan Input data
IT Risk Treatment - CGF A.10 Approval of action plan Output data
IT Risk Treatment - CGF A.11 Implementation of action plan Input data
IT Risk Treatment - CGF Exchange Data1 Data
IT Risk Treatment - ERM A.10 Approval of action plan Output data
IT Risk Treatment - ERM A.11 Implementation of action plan Input data
IT Risk Treatment - ICS A.10 Approval of action plan Output data
IT Risk Treatment - ICS A.11 Implementation of action plan Input data
D78 Evaluated residual risks IT Risk Acceptance A.13 Risk acceptance Input data
IT Risk Acceptance - CGF A.13 Risk acceptance Input data
IT Risk Acceptance - ERM A.13 Risk acceptance Input data
IT Risk Acceptance - ICS A.13 Risk acceptance Input data
IT Risk Treatment A.12 Identification of residual risks Output data
IT Risk Treatment - CGF A.12 Identification of residual risks Output data
IT Risk Treatment - ERM A.12 Identification of residual risks Output data
IT Risk Treatment - ICS A.12 Identification of residual risks Output data
D79 External ref. docs IT Monitor and Review A.14 Risk monitoring and reporting Input data
IT Monitor and Review - CGF A.14 Risk monitoring and reporting Input data
IT Monitor and Review - ERM A.14 Risk monitoring and reporting Input data
IT Monitor and Review - ICS A.14 Risk monitoring and reporting Input data
D7 Laws and regulations IT Definition of Scope and Framework A.1 Definition of external environment Output data
IT Definition of Scope and Framework - CGF A.1 Definition of external environment Output data
IT Definition of Scope and Framework - CGF Exchange Data10 Data
IT Definition of Scope and Framework - ERM A.1 Definition of external environment Output data
IT Definition of Scope and Framework - ICS A.1 Definition of external environment Output data
Monitor changes in Governance Frameworks Mon1 Data
Monitor changes in Governance Frameworks Monitor changes in best practices DP Mapping Source
D80 Add. internal ref. docs IT Monitor and Review A.14 Risk monitoring and reporting Input data
IT Monitor and Review - CGF A.14 Risk monitoring and reporting Input data
IT Monitor and Review - ERM A.14 Risk monitoring and reporting Input data
IT Monitor and Review - ICS A.14 Risk monitoring and reporting Input data
D81 Security policies IT Monitor and Review A.14 Risk monitoring and reporting Input data
IT Monitor and Review - CGF A.14 Risk monitoring and reporting Input data
IT Monitor and Review - ERM A.14 Risk monitoring and reporting Input data
IT Monitor and Review - ICS A.14 Risk monitoring and reporting Input data
D82 Incidents reports IT Monitor and Review A.14 Risk monitoring and reporting Input data
IT Monitor and Review - CGF A.14 Risk monitoring and reporting Input data
IT Monitor and Review - ERM A.14 Risk monitoring and reporting Input data
IT Monitor and Review - ICS A.14 Risk monitoring and reporting Input data
D83 Internal stakeh. events Collect event details ICS Col1 Data
Collect event details ICS Record event details DP Mapping Source
Disclose required information Disclose required information DP Mapping Source
Disclose required information Exchange Data1 Data
IT Monitor and Review A.14 Risk monitoring and reporting Output data
IT Monitor and Review - CGF A.14 Risk monitoring and reporting Output data
IT Monitor and Review - CGF Exchange Data3 Data
IT Monitor and Review - ERM A.14 Risk monitoring and reporting Output data
IT Monitor and Review - ICS A.14 Risk monitoring and reporting Output data
IT Monitor and Review - ICS Exchange Data5 Data
IT Risk Treatment A.12 Identification of residual risks Input data
IT Risk Treatment - CGF A.12 Identification of residual risks Input data
IT Risk Treatment - ERM A.12 Identification of residual risks Input data
IT Risk Treatment - ICS A.12 Identification of residual risks Input data
D84 External parties events Collect event details ICS Col1 Data
Collect event details ICS Record event details DP Mapping Source
Disclose required information Disclose required information DP Mapping Source
Disclose required information Exchange Data1 Data
IT Monitor and Review A.14 Risk monitoring and reporting Output data
IT Monitor and Review - CGF A.14 Risk monitoring and reporting Output data
IT Monitor and Review - CGF Exchange Data3 Data
IT Monitor and Review - ERM A.14 Risk monitoring and reporting Output data
IT Monitor and Review - ICS A.14 Risk monitoring and reporting Output data
IT Monitor and Review - ICS Exchange Data5 Data
D85 Internal indicators Disclose required information Disclose required information DP Mapping Source
Disclose required information Exchange Data1 Data
IT Monitor and Review A.14 Risk monitoring and reporting Output data
IT Monitor and Review - CGF A.14 Risk monitoring and reporting Output data
IT Monitor and Review - CGF Exchange Data3 Data
IT Monitor and Review - ERM A.14 Risk monitoring and reporting Output data
IT Monitor and Review - ICS A.14 Risk monitoring and reporting Output data
D86 Cost indicators IT Monitor and Review A.14 Risk monitoring and reporting Output data
IT Monitor and Review - CGF A.14 Risk monitoring and reporting Output data
IT Monitor and Review - ERM A.14 Risk monitoring and reporting Output data
IT Monitor and Review - ICS A.14 Risk monitoring and reporting Output data
IT Risk Treatment A.11 Implementation of action plan Input data
IT Risk Treatment - CGF A.11 Implementation of action plan Input data
IT Risk Treatment - ERM A.11 Implementation of action plan Input data
IT Risk Treatment - ICS A.11 Implementation of action plan Input data
D8 Applicable rules IT Definition of Scope and Framework A.1 Definition of external environment Output data
IT Definition of Scope and Framework A.2 Definition of internal environment Input data
IT Definition of Scope and Framework - CGF A.1 Definition of external environment Output data
IT Definition of Scope and Framework - CGF A.2 Definition of internal environment Input data
IT Definition of Scope and Framework - CGF Data Port-164735-168020 Mapping Target
IT Definition of Scope and Framework - CGF Data Port-164735-168020 Mapping Target
IT Definition of Scope and Framework - CGF Exchange Data10 Data
IT Definition of Scope and Framework - ERM A.1 Definition of external environment Output data
IT Definition of Scope and Framework - ERM A.2 Definition of internal environment Input data
IT Definition of Scope and Framework - ICS A.1 Definition of external environment Output data
IT Definition of Scope and Framework - ICS A.2 Definition of internal environment Input data
Monitor changes in Governance Frameworks Mon1 Data
Monitor changes in Governance Frameworks Monitor changes in best practices DP Mapping Source
D9 Process dependencies IT Definition of Scope and Framework A.3 Generation of risk management context Input data
IT Definition of Scope and Framework - CGF A.3 Generation of risk management context Input data
IT Definition of Scope and Framework - ERM A.3 Generation of risk management context Input data
IT Definition of Scope and Framework - ICS A.3 Generation of risk management context Input data