Struggling with use cases behind Policy Exception (Risk Acceptance), vs Risk, vs Risk Treatment Plan. How do you delineate, and what are the relationships between each?


Discovered risk is either accepted or remediated. When a vulnerability (risk) is found in an environment it usually breaks a policy, requiring a policy exception or remediation.

Remediate (treatment plan): a documented plan for how they will get their and responsible parties involved.

Accept (policy exception): document the risk. Assign the risk to an owner(s) and obtain sign-off. This is reviewed every X months/quarters/years.


Google CISSP risk acceptance, transfer, mitigation, and avoidance.

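The accept-or-remediate answer above, together with the four CISSP treatment options named in the reply after it, maps naturally onto a small risk register. The following is an added example written for this thread, not code from Fishbowl or from either poster; the findings, policy IDs, owners, dates and the 90/180-day review cadences are constructed values. A Risk record must carry a treatment decision; ACCEPT is only valid when backed by a PolicyException with an owner and a sign-off, MITIGATE only when backed by a TreatmentPlan, and the report function surfaces exceptions whose review date has passed and plans whose due date has passed, which is exactly the delineation the question asks for.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from enum import Enum
from typing import Optional


class Treatment(Enum):
    """The four treatment options; the thread's two are ACCEPT and MITIGATE."""
    ACCEPT = "accept"      # recorded as a policy exception
    MITIGATE = "mitigate"  # recorded as a risk treatment (remediation) plan
    TRANSFER = "transfer"
    AVOID = "avoid"


@dataclass
class PolicyException:
    """Risk acceptance: a named owner, a sign-off, and a fixed review cadence."""
    owner: str
    signed_off_by: Optional[str]
    approved_on: date
    review_every_days: int

    def next_review(self) -> date:
        return self.approved_on + timedelta(days=self.review_every_days)

    def review_overdue(self, today: date) -> bool:
        return today > self.next_review()


@dataclass
class TreatmentPlan:
    """Remediation: who fixes it, what they will do, and by when."""
    owner: str
    actions: list[str]
    due: date
    completed: bool = False

    def overdue(self, today: date) -> bool:
        return not self.completed and today > self.due


@dataclass
class Risk:
    """A finding that violates a policy and therefore needs a treatment decision."""
    risk_id: str
    description: str
    policy_violated: str
    treatment: Optional[Treatment] = None
    exception: Optional[PolicyException] = None
    plan: Optional[TreatmentPlan] = None


def validate(risk: Risk) -> list[str]:
    """Return the ways a record breaks the accept-or-remediate rule (empty if consistent)."""
    problems = []
    if risk.treatment is None:
        return ["no treatment decision recorded"]
    if risk.treatment is Treatment.ACCEPT:
        if risk.exception is None:
            problems.append("accepted risk has no policy exception")
        else:
            if not risk.exception.owner:
                problems.append("policy exception has no owner")
            if not risk.exception.signed_off_by:
                problems.append("policy exception lacks sign-off")
    if risk.treatment is Treatment.MITIGATE and risk.plan is None:
        problems.append("remediation chosen but no treatment plan documented")
    return problems


def register_report(risks: list[Risk], today: date) -> dict[str, list[str]]:
    """Summarise a register into the three lists a periodic review would walk through."""
    report = {"invalid": [], "exceptions_due_for_review": [], "plans_overdue": []}
    for r in risks:
        if validate(r):
            report["invalid"].append(r.risk_id)
        if r.exception is not None and r.exception.review_overdue(today):
            report["exceptions_due_for_review"].append(r.risk_id)
        if r.plan is not None and r.plan.overdue(today):
            report["plans_overdue"].append(r.risk_id)
    return report


# Constructed sample register (hypothetical findings and policy IDs, not from the thread).
TODAY = date(2024, 6, 1)
SAMPLE_RISKS = [
    Risk("R-1", "legacy app cannot use TLS 1.2", "CRYPTO-01", Treatment.ACCEPT,
         exception=PolicyException("app owner", "CISO", date(2023, 11, 1), review_every_days=90)),
    Risk("R-2", "unpatched database host", "PATCH-03", Treatment.MITIGATE,
         plan=TreatmentPlan("db team", ["apply vendor patch", "re-scan"], due=date(2024, 5, 15))),
    Risk("R-3", "shared admin account", "IAM-02", Treatment.ACCEPT,
         exception=PolicyException("ops lead", None, date(2024, 5, 20), review_every_days=180)),
    Risk("R-4", "world-readable object storage bucket", "DATA-05"),
]

if __name__ == "__main__":
    for risk in SAMPLE_RISKS:
        print(risk.risk_id, validate(risk) or "ok")
    print(register_report(SAMPLE_RISKS, TODAY))
```

Run as-is, the report flags R-3 (exception with no sign-off) and R-4 (no decision at all) as invalid, R-1 as an exception past its 90-day review, and R-2 as a plan past its due date; an exception is never "done", it only expires into another review, whereas a plan closes once completed.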
