
Sample – Security Risk Management Procedures

October 21, 2012

Summary or Purpose: Explain the purpose of the following procedures or requirements. For Vulnerability Management, the summary would explain that the procedures are provided to guide the identification, analysis and remediation of known vulnerabilities. The procedures include processes relating to Risk Management and Information Technology responsibilities.
Supplemental References: Reference related documents. For the Vulnerability Management policy, references should point to Excel tracking sheets or analysis worksheets.
Process Overview: Outline the key processes associated with implementation of the associated policy.
Actions: Actions are the general activities that make up key processes. Actions should specifically define accountability by employee position and establish metrics where appropriate, such as how often the action should be performed, successors or alternates, and the documentation associated with the action.
Procedures: Procedures explain how to execute the action, stating specific requirements and sequential activities. Procedures define a logical order of steps by which to carry out the defined action. Procedures may include:

  • Communication techniques: distribution, protocol and frequencies
  • Interaction with other departments
  • Links to tools or supplemental documentation
Standards: Standards are very detailed expectations. Standards may be housed in the procedure or defined in a separate document, with an appropriate reference or link provided. Compared with procedures, standards are generally more volatile and very specific. Standards will define:

  • Report Content
  • Specific Timelines
  • Definitions
  • Detailed Requirements
  • Technical parameters
  • System Configuration