1. GDPR Mapping framework built into security mapping (being refined)
[Figure: entity-relationship diagram; only its labels survive extraction, the layout and arrow directions do not.]
Entities: IT System, VULN, RISK, Security Control, Data Journey, Data Source, Threat Model, Security Goal, Business Goal, Project.
Relationship labels: Data Touches, Has VULN, Has RISK (appears twice), Risk Reduced By, meets, Helps meet, Mitigates, Used in, identifies.
2. Proposed Policy Relationship Schema in Jira
[Figure: Jira issue-type relationship diagram; only its labels survive extraction.]
Issue types: Policy, RISK, Vuln, IT System, ISO27001*, GDPR*, PCI*, Group GRC*, Brand GRC* (the diagram shows four Brand GRC nodes).
Link names, as outward / inward pairs: mitigates / Is mitigated by; Compliance met by / Complies to; Has policy / Policy covers; Covers / Is covered by.
The Policy issue type links via hyperlink to the G-Drive policy repository as the single 'source of truth'. Confluence is also linked via hyperlink to G-Drive for policies, for consistency.
* Issue types yet to be created.
3. Proposed Policy Relationship Schema in Jira v2
[Figure: Jira issue-type relationship diagram; only its labels survive extraction.]
Issue types: Policy, RISK, Vuln, IT System, Security Control, Security Goal, ISO27001*, GDPR*, PCI*.
Link names, as outward / inward pairs: mitigates / Is mitigated by; Compliance met by / Complies to; Meets / Is met by (shown twice, once at Security Control and once at Security Goal).
The Policy issue type links via hyperlink to the G-Drive policy repository as the single 'source of truth'. Confluence is also linked via hyperlink to G-Drive for policies, for consistency.
* Issue types yet to be created.
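The two Jira schemas above (v1 and v2) name issue types and paired link names, but neither says how to check that the links are actually in place once the issue types exist. The following is an added example, not code from this page or from any Jira instance: it models the link names as Jira outward/inward pairs, normalizes a link regardless of which issue it was read from (Jira reports the same link under its outward name from one end and its inward name from the other), and reports coverage gaps: RISK/Vuln issues nothing mitigates, frameworks no Policy complies to, and Security Goals no Security Control meets. The issue keys, the sample links, and the direction assumed for each link pair are constructed assumptions; in practice LINKS would be filled from each issue's issuelinks field.

```python
"""Coverage-gap check over the proposed Jira policy relationship schema.

Added example (not from the page or any Jira project). Issue-type and link
names come from the v1/v2 schema diagrams; which end of each pair is
"outward" and all sample issues/links below are assumptions.
"""
from collections import defaultdict

# Link names from the diagrams as Jira outward-name -> inward-name pairs.
# The assumed direction is given in each comment.
LINK_TYPES = {
    "mitigates": "is mitigated by",        # Security Control / Policy -> RISK or Vuln
    "complies to": "compliance met by",    # Policy -> ISO27001 / GDPR / PCI
    "meets": "is met by",                  # Security Control -> Security Goal (v2)
    "has policy": "policy covers",         # Brand GRC -> Policy (v1 only)
    "covers": "is covered by",             # Group GRC -> Brand GRC (v1 only)
}
INWARD_TO_OUTWARD = {inward: outward for outward, inward in LINK_TYPES.items()}

# Constructed sample issues: key -> issue type (assumed data, not from the page).
ISSUES = {
    "SEC-1": "Policy", "SEC-2": "Policy",
    "SEC-3": "RISK", "SEC-4": "Vuln", "SEC-5": "IT System",
    "SEC-6": "ISO27001", "SEC-7": "GDPR", "SEC-8": "PCI",
    "SEC-9": "Security Control",
    "SEC-10": "Security Goal", "SEC-11": "Security Goal",
}

# Constructed sample links as Jira would return them from either end:
# (issue the link was read from, link name as seen from that issue, other issue).
LINKS = [
    ("SEC-9", "mitigates", "SEC-3"),
    ("SEC-3", "Is mitigated by", "SEC-1"),    # read from the RISK end
    ("SEC-1", "Complies to", "SEC-6"),
    ("SEC-7", "Compliance met by", "SEC-2"),  # read from the GDPR end
    ("SEC-9", "Meets", "SEC-10"),
]


def normalize_link(src, name, dst):
    """Return (outward_src, outward_name, dst) whichever end the link was read from.

    Names are compared case-insensitively because the diagrams capitalise
    them inconsistently. Unknown names raise rather than being silently kept.
    """
    key = name.strip().lower()
    if key in LINK_TYPES:
        return src, key, dst
    if key in INWARD_TO_OUTWARD:
        return dst, INWARD_TO_OUTWARD[key], src
    raise ValueError(f"unknown link type {name!r} between {src} and {dst}")


def build_graph(links):
    """Adjacency map keyed by outward link name: name -> src -> {dst, ...}."""
    graph = defaultdict(lambda: defaultdict(set))
    for src, name, dst in links:
        s, n, d = normalize_link(src, name, dst)
        graph[n][s].add(d)
    return graph


def uncovered(issues, graph, issue_types, outward_name):
    """Issues of the given types that have no incoming link of outward_name."""
    targets = {d for dsts in graph.get(outward_name, {}).values() for d in dsts}
    return sorted(k for k, t in issues.items() if t in issue_types and k not in targets)


def schema_gaps(issues, links):
    """Run the three coverage checks the schema's link pairs make possible."""
    graph = build_graph(links)
    return {
        "unmitigated": uncovered(issues, graph, {"RISK", "Vuln"}, "mitigates"),
        "frameworks_without_policy": uncovered(
            issues, graph, {"ISO27001", "GDPR", "PCI"}, "complies to"),
        "goals_without_control": uncovered(
            issues, graph, {"Security Goal"}, "meets"),
    }


if __name__ == "__main__":
    for check, keys in schema_gaps(ISSUES, LINKS).items():
        print(f"{check}: {', '.join(keys) or 'none'}")
```

The normalization step is the part worth keeping: if the gap checks are run over links read from only one end of each pair, a link recorded as "is mitigated by" on the RISK issue would be missed and the risk reported as unmitigated. The same pattern extends to the v1-only pairs (Has policy / Policy covers, Covers / Is covered by) by adding a check for Brand GRC nodes without a Policy or a Group GRC link.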