eGRACS Mitigation Controls Triangle
This Tactical Tier control triangle seeks to identify, assess, mitigate, and monitor risks that could affect the security, performance, risk mitigation, and continuity of its information systems and processes.
This control rolls down from the Manage Demand Domain and cascades into: 1.3.1.1-Risk, 1.3.1.2-Audit, and 1.3.1.3-Resumption controls.
Control Mappings:
Cobit:2019 ➡️ EDM03; EDM03; EDM03.01; EDM03.01; EDM03.02; EDM03.03; APO10; APO10.04; APO12; APO12; APO12.01; APO12.02; APO12.02; APO12.03; APO12.03; APO12.04; APO14; APO14.04; BAI01; BAI01.08; BAI02; BAI02; BAI02.03; BAI02.03; BAI04; BAI04.02; BAI11; BAI11.01; BAI11.06; BAI11.06; DSS04; DSS04.05; MEA01; MEA01.03; MEA01.05; MEA02; MEA02.02; MEA03; MEA03.02; MEA04; MEA04.02; MEA04.06; MEA04.09
GDPR:2024 ➡️ Art.22; Art.24; Art.31; Art.33; Art.35; Art.36; Art.51; Art.58; Art.66; Art.70
ISO27001:2022 ➡️ 4; 4.1; 4.3; 4.4; 5; 5.1; 6; 6.1; 6.1.1; 6.2; 7; 7.1; 8; 8.1; 9; 9.1
ISO27005:2022 ➡️ 5-Information; 5.1; 6; 6.4
ISO31000:2018 ➡️ 4; 5; 5.2; 5.4; 5.4.2; 6; 6.1; 6.3.1; 6.4.1
ISO38500:2024 ➡️ 4; 4.2; 5; 5.2.2; 5.4.2; 5.5.1; 5.8; 5.10; 5.10.1; 6; 6.2; 6.2.2; 7; 7.2; 7.2.7
ITIL:v4 ➡️ GM1; GM3; GM7; GM8; GM10; GM12
NIST:CSFv2 ➡️ GV; GV.RM; GV.RM-01; GV.RM-02; GV.RM-04; GV.OV-02; GV.SC-03; ID; ID.AM-08; ID.RA; ID.RA-01; ID.RA-05; ID.RA-06; ID.IM; ID.IM-02; ID.IM-03
MaRisk:2024 ➡️ AT 4.2(2); AT 4.3(b); AT 4.3.2(1); AT 5(3b); BTR 4(1)