Text of Recommendation | Use the fully defined ISA to: a. Assess enterprise, business process, and information system level risks; b. Formally define enterprise, business process, and information system level risk tolerance and appetite levels necessary for prioritizing and guiding risk management decisions; c. Conduct an organization-wide security and privacy risk assessment; and, d. Conduct a supply chain risk assessment. |
---|---|
Recommendation Number | 2 |
Recommendation Status | Open |
Significant Recommendation | Yes |
Submitting OIG | |
---|---|
Linked Report |