March 16, 2013 3:40 PM
Posted by: Robert Davis
Administrative Control,
Asset Management,
Business Continuity,
Continuity Management,
Crisis Management,
Decision Making,
Due Care,
Due Diligence,
Enterprise Governance,
Event Management,
Incident Management,
Information Technology,
IT,
IT Management,
Management Information System,
Operating Style,
Risk Management,
Threat ManagementManagement should establish standards as baselines for measuring quantity, weight, extent, value, or quality. Standards can be considered specific goals or objectives against which performance is compared. Selection of points where performance will be measured is critical to...
March 14, 2013 1:10 AM
Posted by: Robert Davis
Administrative Control,
Asset Management,
Business Continuity,
Continuity Management,
Crisis Management,
Decision Making,
Due Care,
Due Diligence,
Enterprise Governance,
Event Management,
Incident Management,
Information Technology,
IT,
IT Management,
Management Information System,
Operating Style,
Risk Management,
Threat ManagementControlling and monitoring activities attempting to ensure acceptable risk responses include:
- Policies
- Directives
- Standards
- Procedures
- Rules
Strategically;
policies are definite courses or methods of action...
March 8, 2013 10:41 PM
Posted by: Robert Davis
Administrative Control,
Asset Management,
Business Continuity,
Continuity Management,
Crisis Management,
Decision Making,
Due Care,
Due Diligence,
Enterprise Governance,
Event Management,
Incident Management,
Information Technology,
IT,
IT Management,
Management Information System,
Operating Style,
Risk Management,
Threat ManagementUsually, IT risk analysis has four primary goals:
- Identifying assets and their associated values
- Identifying vulnerabilities and threats
- Quantifying the probability and business impact of potential threats
- Providing an economic balance between threat...
March 7, 2013 1:54 AM
Posted by: Robert Davis
Administrative Control,
Asset Management,
Business Continuity,
Continuity Management,
Crisis Management,
Decision Making,
Due Care,
Due Diligence,
Enterprise Governance,
Event Management,
Incident Management,
Information Technology,
IT,
IT Management,
Management Information System,
Operating Style,
Risk Management,
Threat ManagementThe risk management process introduces a systematic approach for identifying, assessing, and reducing risks as well as maintaining defined acceptable risk levels. An IT risk assessment should be considered a key risk management practice area. When management institutionalizes an IT governance...
March 2, 2013 4:38 PM
Posted by: Robert Davis
Administrative Control,
Asset Management,
Business Continuity,
Continuity Management,
Crisis Management,
Decision Making,
Due Care,
Due Diligence,
Enterprise Governance,
Event Management,
Incident Management,
Information Technology,
IT,
IT Management,
Management Information System,
Operating Style,
Risk Management,
Threat ManagementSimilar to business risk management, IT risk management is a continuous process that should be interlaced into the fabric of an entity. IT risks directly impact an entity’s ability to provide goods and/or services at an acceptable price. Inherently, computer hardware and software as well as...
February 28, 2013 2:50 AM
Posted by: Robert Davis
Administrative Control,
Asset Management,
Business Continuity,
Continuity Management,
Crisis Management,
Decision Making,
Due Care,
Due Diligence,
Enterprise Governance,
Event Management,
Incident Management,
Information Technology,
IT,
IT Management,
Management System,
Operating Style,
Risk Management,
Threat ManagementAn entity’s business risk management framework should be a strategic axial enabled to accept diverse strategy spokes. Proactively, business risk management should represent the process whereby an entity methodically addresses risks attached to activities with the objective of achieving sustained...
February 23, 2013 6:44 PM
Posted by: Robert Davis
Administrative Control,
Asset Management,
Business Continuity,
Continuity Management,
Crisis Management,
Decision Making,
Due Care,
Due Diligence,
Enterprise Governance,
Event Management,
Incident Management,
Information Technology,
IT,
IT Management,
Management System,
Operating Style,
Risk Management,
Threat ManagementRisk management is not an issue any ‘going concern’ should consider a platitude used to demonstrate effective leadership. Those responsible for governance...
December 13, 2012 1:52 AM
Posted by: Robert Davis
Accountability,
Acquire and Implement,
Asset Management,
Availability Management,
COBIT Domains,
Continuity Management,
Control Objectives for Information and related Technology,
Deliver and Support,
Due Diligence,
Fiduciary Responsibility,
Framework,
Information Assets Protection,
Information Security Governance,
Information Security Management,
ISG,
Key Performance Indicators,
Monitor and Evaluate,
Performance Measurement,
Plan and Organize,
Risk Management,
Security Frameworks,
Strategic Alignment,
Value DeliveryChapter 1: Information Security Governance
“The information possessed by an organization is among its most valuable assets and is critical to its success. The Board of Directors, which is ultimately accountable for the organization’s success, is therefore...
August 23, 2011 8:30 PM
Posted by: Robert Davis
Asset Management,
Availability Management,
Capacity Management,
Change Management,
Configuration Management,
Continuity Management,
Financial Management,
IEC,
Information Security Management,
ISO,
ITSM,
Service Level ManagementAligned with the generally accepted IT value definition; IT service basic principles should deliver appropriate quality, on-time and within-budget, while achieving promised benefits. Where these basic principles are earnestly harmonized, IT service delivery and support benefits...
