Description
The Security Traceability (Sc-Tr) domain depicts the mapping of a risk to each of the following: risk owner, risk mitigations, and affected asset roles.
Implementation
The Security Traceability (Sc-Tr) domain is represented by:
- Security Controls to Risks Mapping matrix shows which operational or resource asset roles mitigate risks.
- Risks to Assets Mapping matrix shows which risks are applicable to Asset Roles.
Sample
An example of the Security Controls to Risk Mapping matrix
An example of the Risks to Assets Mapping matrix
Related procedures