The corporate is an Oil and Gas company. The corporate risk matrix is composed of 9 levels and the lowest risk level is very law at loses of less than $50 million. The challenge is the highest level of IT risk which composed of 5 levels is very high and loses is most likely less than $50 million. So if we only consider the corporate risk matrix then all IT risks will be very low which it should not [url removed, login to view]:
1- How to establish an IT risk matrix and to compare it to the corporate risk matrix. Refer to best practices and security frameworks and methodologies.
2- How can we determine the IT risk appetite. Refer to best practices and security frameworks and methodologies
3- How to create an effective key risk indicators KRIs in current risk management practice. Refer to best practices.
13 freelancers are bidding on average $152 for this job
Hi, I can help in completing your report and analysis on information security risk management , Risk matrix, appetite and key risk indicators KRIs . Kindly message me so as to discuss further on the [url removed, login to view]