Struggling with use cases behind Policy Exception (Risk Acceptance), vs Risk, vs Risk Treatment Plan. How do you delineate, and what are the relationships between each?


Discovered risk is either accepted or remediated. When a vulnerability (risk) is found in an environment, it usually breaks a policy, requiring a policy exception or remediation.

Remediate (treatment plan): a documented plan for how they will get their and responsible parties involved.

Accept (policy exception): document the risk. Assign the risk to an owner(s) and obtain sign-off. This is reviewed every X months/quarters/years.

like
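The delineation in the answer above (a discovered risk is either remediated under a treatment plan or accepted under a policy exception with an owner, sign-off and a periodic review) can be encoded as a simple risk-register check. This is an added example, not code from the original thread; the record layout, field names and the sample risks are constructed assumptions, and the review interval approximates a month as 30 days.

```python
"""Risk register consistency check (added example, assumptions labelled).

Every recorded risk must carry exactly one treatment:
  - a TreatmentPlan (remediate): owner plus a target date, or
  - a PolicyException (accept): owner, sign-off, and a review cadence.
The checker flags risks with no treatment, with both, with an overdue plan,
with an unsigned exception, or with an exception whose review date has passed.
"""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Dict, List, Optional


@dataclass
class TreatmentPlan:
    """Remediation: who fixes it and by when (field names are assumptions)."""
    owner: str
    target_date: date
    summary: str


@dataclass
class PolicyException:
    """Acceptance: documented risk with an owner, sign-off and review cycle."""
    owner: str
    signed_off_by: Optional[str]   # None means sign-off was never obtained
    approved_on: date
    review_every_months: int       # the "every X months" from the answer

    def next_review(self) -> date:
        # Assumption: a month is approximated as 30 days for the review clock.
        return self.approved_on + timedelta(days=30 * self.review_every_months)


@dataclass
class Risk:
    """A finding that broke a policy; it links to at most one treatment."""
    risk_id: str
    policy_broken: str
    plan: Optional[TreatmentPlan] = None
    exception: Optional[PolicyException] = None


def check_risk(risk: Risk, today: date) -> List[str]:
    """Return a list of findings for one risk; an empty list means it is in order."""
    findings: List[str] = []
    if risk.plan is None and risk.exception is None:
        findings.append("no treatment: risk is neither remediated nor accepted")
    if risk.plan is not None and risk.exception is not None:
        findings.append("both a treatment plan and an exception recorded: choose one")
    if risk.plan is not None and risk.plan.target_date < today:
        findings.append("treatment plan target date has passed")
    if risk.exception is not None:
        if not risk.exception.signed_off_by:
            findings.append("policy exception lacks sign-off")
        if risk.exception.next_review() <= today:
            findings.append("policy exception is due for review")
    return findings


def register_report(risks: List[Risk], today: date) -> Dict[str, List[str]]:
    """Run check_risk over a whole register, keyed by risk id."""
    return {r.risk_id: check_risk(r, today) for r in risks}


# Constructed sample register (not real findings) and a fixed "as of" date.
AS_OF = date(2024, 6, 1)
SAMPLE_RISKS = [
    Risk("R-1", "patching SLA", plan=TreatmentPlan("alice", date(2024, 9, 30), "upgrade library")),
    Risk("R-2", "MFA required", exception=PolicyException("bob", "ciso", date(2024, 1, 15), 3)),
    Risk("R-3", "encryption at rest", exception=PolicyException("carol", None, date(2024, 5, 20), 6)),
    Risk("R-4", "least privilege"),  # found, but nobody decided accept vs. remediate
]

if __name__ == "__main__":
    for risk_id, findings in register_report(SAMPLE_RISKS, AS_OF).items():
        print(risk_id, "OK" if not findings else "; ".join(findings))
```

Running it lists R-1 as in order, R-2 as an accepted risk whose quarterly review has lapsed, R-3 as an exception that was documented but never signed off, and R-4 as a discovered risk that has not been assigned either treatment. The check is deliberately about the relationships the answer describes, not about the technical content of any risk.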

Google CISSP risk acceptance, transfer, mitigation, and avoidance.

like
