SFIA View: Cybersecurity governance, risk and compliance Beta
Cybersecurity governance, risk and compliance
Governance GOVN
(modified)
Defining and operating frameworks for decision-making, risk management, stakeholder relationships and compliance with organisational and regulatory obligations.
Risk management BURM
(modified)
Planning and implementing processes for managing risk across the enterprise, aligned with organisational strategy and governance frameworks.
Audit AUDT
(modified)
Delivering independent, risk-based assessments of the effectiveness of processes, the controls and the compliance environment of an organisation.
Information and data compliance PEDP
(modified)
Implementing and promoting compliance with information and data management legislation.
Information management IRMG
(modified)
Enabling the effective management and use of information assets.
Information assurance INAS
(unchanged)
Protecting against and managing risks related to the use, storage and transmission of data and information systems.
Quality management QUMG
(unchanged)
Defining and operating a management framework of processes and working practices to deliver the organisation's quality objectives.
Measurement MEAS
(unchanged)
Developing and operating a measurement capability to support agreed organisational information needs.