Monday, January 29, 2024

Cyber Security Standards - Risk Based Framework

Purpose

  • The Risk Based Framework (RBF) is a risk classification system developed by the Enterprise Cyber Security (ECS) department of the Cyber Risk Management team. 
  • ECS policy is intended to protect the firm in an evolving threat landscape, regardless of changes in technology or business practices. 
  • Even if specific terminology or scenarios are not part of the text, it is expected that you will exercise sound reasoning and judgment to adhere to the intent of stated requirements, practices, and implementations in both letter and spirit.


Scope

  • All systems that are listed in the IT Service Manager (ITSM) application (e.g., ServiceNow) are required to have an RBF classification.
  • All systems where the lifecycle stage is ‘Concept’, ‘Acquisition/Development’, or ‘Retired’ are not in scope.
