Risk treatment plan
This document describes how we plan to treat the identified risks.
| Risk | Threat | Treatment | Measures | Deadline | Responsible |
|---|---|---|---|---|---|
| 2020-01 Mobile device lost | A laptop, tablet or phone is lost and confidential information (source code, e-mail, customer details) gets into wrong hands. | MITIGATE | Implement A.6.2.1 Mobile device policy, A.10.1.1 Policy on the use of cryptographic controls | Maurice Pasman | |
| 2020-22 Data leak or installation of malware at repair shop | Repair shop gets access to (confidential data stored on) mobile device, data is leaked or malware is installed. The likelihood of this risk will increase with a BYOD policy, as users are inclined to choose a cheaper repair shop over an authorized dealer to repair a broken screen. | MITIGATE |
| Security officer (role) |