ID.RA-07 - Managing Changes and Exceptions in Risk
Episode Synopsis
ID.RA-07 focuses on managing changes to systems or processes and exceptions to policies, assessing their risk impacts, and documenting them for oversight. This includes formal procedures for reviewing proposed changes, evaluating risks, and planning rollbacks if needed. Tracking ensures that accepted risks or exceptions are revisited over time.

This subcategory prevents unintended vulnerabilities by ensuring changes and exceptions are deliberate and risk-informed, reducing disruption. It maintains a record of decisions, supporting audits and accountability. ID.RA-07 integrates risk management into operational flexibility.
An episode of the podcast Framework: The NIST Cybersecurity Framework (CSF)