IT Governance, Risk, and Compliance

Mar 8 2013   10:41PM GMT

Risk Management: Is it just another set of business buzzwords? – Part V

Robert Davis

Usually, IT risk analysis has four primary goals:

  • Identifying assets and their associated values
  • Identifying vulnerabilities and threats
  • Quantifying the probability and business impact of potential threats
  • Providing an economic balance between threat impact and countermeasure cost

Normally, the IT Threat Assessment precedes the IT Vulnerability Assessment. However, Vulnerability Analysis results can identify relevant threats, and Threat or Opportunity Analysis results can identify relevant vulnerabilities. The business risk model categories of the Association of Insurance and Risk Managers, the Association of Local Authority Risk Managers, and the Institute of Risk Management can be mapped into IT risk analysis. For example, risk identification, description, and estimation are usually included as the asset valuation, action plan, and risk evaluation sub-processes, respectively.

Source

Davis, Robert E. (2011). Assuring IT Governance. Available from http://www.amazon.com/Assuring-Governance-Assurance-Services-ebook/dp/B0058P58E0 and http://www.smashwords.com/books/view/70359

Davis, Robert E. (2006). IT Auditing: IT Governance. Mission Viejo: Pleier. CD-ROM.

 
