To identify risk

To develop risk response action plans

To assess the effectiveness of controls

To continuously improve risk management

To ensure continuous improvement

To meet the organization's risk tolerance

To design and implement controls

To train personnel properly

Identifying risk

Developing risk response action plans

Designing and implementing controls

Aligning choices with business objectives

To assess the effectiveness of controls

To continuously improve risk management

To document the results of risk assessment

To intentionally and planned respond to risk

By translating project management into risk management

By aligning choices with business objectives

By developing risk response action plans

By implementing and executing controls

NIST

ISO

COBIT

Sakar

Categorization of information systems

Implementation of security controls

Assessment of security controls

Monitoring for risk response