Risk Frameworks
BITS Kalculator
Content Type: Standard Content
License Type: Third-Party
The BITS Risk Catalog is based on the BITS Kalculator. BITS is a nonprofit organization specializing in providing compliance and risk-related guidance to the financial and banking industry. The Kalculator is intended for use by financial institutions to identify key information security risks that should be considered in broader enterprise-wide operational risk models. The BITS Risk Catalog is mapped to the Common Control Framework, allowing users to assess the risk of non-compliance.
Cloud Risk Management
Content Type: Advanced Content
License Type: Included
Agiliance Cloud Risk Management consists of multiple content packs, which include controls, common control mapping, suggested guidelines for evidence, pre-created questionnaires and surveys, audit- and executive-ready out-of-the-box reports and dashboards, and additional documentation relating to the following:
- CSA GRC Stack (CCM, CAIQ): The CSA GRC Stack content pack includes two sets of CSA content and one API. Controls in the CSA GRC Stack map directly to current versions of COBIT, HIPAA, ISO, NIST and PCI frameworks/regulations. Content included consists of the following:
  - Cloud Controls Matrix (CCM): provides a controls framework that gives detailed understanding of security concepts and principles that are aligned to the Cloud Security Alliance guidance in 13 domains.
  - Consensus Assessments Initiative Questionnaire (CAIQ): performs research, creates tools and creates industry partnerships to enable cloud computing assessments. The CAIQ provides industry-accepted ways to document what security controls exist in IaaS, PaaS, and SaaS offerings, providing security control transparency. The questionnaire (CAIQ) provides a set of questions a cloud consumer and cloud auditor may wish to ask of a cloud provider.
- SAS 70 II / SSAE 16 Reporting
- NIST 800 Series

