risk control matrix

Download free ISO 27001 Information Classification, Labelling and Handling (available in PDF and XLS format):

Objectives:
- The organization defines in the security plan, explicitly or by reference, its protected environment for media labeling requirements;
- The organization defines in the security plan, explicitly or by reference, media types and hardware components that are exempted from external labeling requirements; and
- The organization affixes external labels to removable information storage media and information system output not otherwise exempted from this labeling requirement, indicating the distribution limitations, handling caveats, and applicable security markings (if any) of the information.

Download free Risk Assessment Audit Program Checklist. This Risk Assessment Audit Program covers detail risk that identified within Risk Analysis process and the audit procedures that should be performed such as risks that:
- Management does not have a business planning process in place that examines existing objectives and establishes new objectives when necessary.
- Management has not established business plans and budgets with realistic goals, and incentives for achievement of plans are not balanced.

Download free Data Center Operations Risk Control Matrix. Some of control objective that covered in this risk control matrix are:
- Management has established and documented standard procedures for IT operations, including managing, monitoring and responding to security, availability and processing integrity events.

- Controls exist to maintain processing continuity during operator shift changes by providing for the formal handover of activity, status updates and reports on current operations.

- System event data are sufficiently retained to provide chronological information and logs to enable the reconstruction, review and examination of the time sequences of processing or batch jobs.