Description
The Security Traceability (Sc-Tr) domain depicts the mapping of a risk to each of the following: risk owner, risk mitigations, and affected asset roles.
Implementation
The Security Traceability (Sc-Tr) domain is represented by:
- Security Controls to Risks Mapping Matrix shows which operational or resource asset roles mitigate risks.
- Risks to Assets Mapping Matrix shows which risks are applicable to Asset Roles.
Sample
An example of the Security Controls to Risk Mapping Matrix
