Audit Risk Management Solutions in PHP

Abstract:

A consolidated view of an organization's risk posture is much needed today in extended detection and response (XDR) cybersecurity environments. Integrating and automating modern risk management involves using controls from platforms and standards such as ISO 27001 and CIS v8, which should be synchronized and well mapped. This paper uses an integrated and converged security approach to obtain integrated and automated risk management. The main goal of this research is to propose a framework for efficient cyber risk management that is applicable to every type of organization. The proposed framework for improving automation in cyber risk management includes four main entities and a workflow process that describes the relations between those entities. To show a possible practical implementation, the framework is tested on a real risk auditing tool [11]. Another benefit of this paper is the mapping of the risks generated in the framework to CIS v8 controls and ISO 27001 controls for compliance purposes, as well as to the configuration settings of the XDR appliance explained in [11]. Mapping to the configuration settings of the selected XDR appliance makes the risk mitigation process more successful. The intended outcome of the proposed framework is simplified, automated, and efficient cyber risk management. The presented solution for automated and integrated risk management is much needed by organizations that want to secure their working environment from cyber attacks.