Risk Assessment and Risk Treatment (RART)
The technical controls are implemented and are no longer considered a risk
3.1 Methodology
Risk processes adhere to ISO/IEC 27001 Clause 6.1.3 and ISO 31000. The CISO defines risk criteria and oversees all risk activities.
3.2 Risk Register
| ID | Asset | Threat | Vulnerability | Likelihood | Impact | Risk Level | Treatment Option | Owner | Target Date |
|---|---|---|---|---|---|---|---|---|---|
| 1 | Client PII Database | Unauthorized access | Weak access controls | Medium | High | High | Implement MFA | Venkat Pothamsetty, CISO | 2025-08-15 |
| 2 | Innovation IP | Data leakage | Unsecured file sharing | Medium | Medium | Medium | Implement Falcon | Venkat Pothamsetty, CISO | 2025-09-01 |
3.3 Treatment Plan
The CISO selects and implements controls to mitigate risks, with residual risks documented and accepted by the CISO.