You are currently focusing on the certification. Go to program dashboard.
Feel like you are herding cats when trying to manage a vast number of information security vulnerability action plans and keep up with the many milestones that they establish? Actually, that is exactly like herding cats and its a tough job.
Feel like you are herding cats when trying to manage a vast number of information security vulnerability action plans and keep up with the many milestones that they establish? Actually, that is exactly like herding cats and its a tough job.
To help, OCEG and sponsor RSA have produced a new Playbook for those who face the challenges of keeping on top of defects and correcting them in budget and on time. While the Plan of Action and Milestones (POA&M) Management process is required for for government agencies and contractors, it can also provide a useful roadmap for those in the private sector to follow.
Scope of This POA&M Playbook
This playbook takes a deep dive into one discrete aspect of information security in the public sector the management of POA&Ms. It provides three play sheets that outline key actions, which should be adapted to fit the organizational structure, risk tolerance levels and key concerns identified by your organization. The playsheets also offer value when used to evaluate the capabilities of software as you assess what you have and what you may need to acquire to adequately manage your process risks. The playsheets combined with an automation tool empower organizations to consistently track and manage findings and risks. The Playbook concludes with an overview of added benefits from the use of a customizable technology that integrates information from all three stages of information security management.
Featured in: Risk , Risk Assessment , Risk Management
Information & Billing:
+1 (602) 234-9278
Principled Performance, Driving Principled Performance, Putting Principles Into Practice, OCEG, GRC360°, ActiveLearning, EventDay and LeanGRC are registered trademarks of OCEG.
Protector Skillset, Protector Mindset, Protector Code, Lines of Accountability, GRC Professional, GRCP, GRC Fundamentals, GRC Auditor, GRCA, GRC Audit Fundamentals, Data Privacy Fundamentals, Integrated Data Privacy Professional, IDPP, Policy Management Fundamentals, Integrated Policy Management Professional, IPMP, Integrated Audit & Assurance Professional, IAAP, Integrated Governance & Oversight Professional, IGOP, Integrated Strategy & Performance Professional, ISPP, Integrated Risk Management Professional, IRMP, Integrated Decision Management Professional, IDMP, Integrated Compliance & Ethics Professional, ICEP, Integrated Business Continuity Professional, IBCP, Integrated Information Security Professional, IISP are trademarks of OCEG.