IT Governance, Risk, and Compliance:

Continuity Management


March 21, 2013  1:02 AM

Risk Management: Is it just another set of business buzzwords? – Part VIII



Posted by: Robert Davis
Administrative Control, Asset Management, Business Continuity, Continuity Management, Crisis Management, Decision Making, Due Care, Due Diligence, Enterprise Governance, Event Management, Incident Management, Information Technology, IT, IT Management, Management Information System, Operating Style, Risk Management, Threat Management

IT policies, directives, standards, procedures, and rules should be deployed based on assessed effectiveness and efficiency in addressing managements risk appetite. Deployed controlling and monitoring activities should reflect management’s strategy for ensuring an adequate IT control system. IT...

March 16, 2013  3:40 PM

Risk Management: Is it just another set of business buzzwords? – Part VII



Posted by: Robert Davis
Administrative Control, Asset Management, Business Continuity, Continuity Management, Crisis Management, Decision Making, Due Care, Due Diligence, Enterprise Governance, Event Management, Incident Management, Information Technology, IT, IT Management, Management Information System, Operating Style, Risk Management, Threat Management

Management should establish standards as baselines for measuring quantity, weight, extent, value, or quality.  Standards can be considered specific goals or objectives against which performance is compared.  Selection of points where performance will be measured is critical to...


March 14, 2013  1:10 AM

Risk Management: Is it just another set of business buzzwords? – Part VI



Posted by: Robert Davis
Administrative Control, Asset Management, Business Continuity, Continuity Management, Crisis Management, Decision Making, Due Care, Due Diligence, Enterprise Governance, Event Management, Incident Management, Information Technology, IT, IT Management, Management Information System, Operating Style, Risk Management, Threat Management

Controlling and monitoring activities attempting to ensure acceptable risk responses include:

  • Policies
  • Directives
  • Standards
  • Procedures
  • Rules
Strategically; policies are definite courses or methods of action...


March 8, 2013  10:41 PM

Risk Management: Is it just another set of business buzzwords? – Part V



Posted by: Robert Davis
Administrative Control, Asset Management, Business Continuity, Continuity Management, Crisis Management, Decision Making, Due Care, Due Diligence, Enterprise Governance, Event Management, Incident Management, Information Technology, IT, IT Management, Management Information System, Operating Style, Risk Management, Threat Management

Usually, IT risk analysis has four primary goals:

  • Identifying assets and their associated values
  • Identifying vulnerabilities and threats
  • Quantifying the probability and business impact of potential threats
  • Providing an economic balance between threat...


March 7, 2013  1:54 AM

Risk Management: Is it just another set of business buzzwords? – Part IV



Posted by: Robert Davis
Administrative Control, Asset Management, Business Continuity, Continuity Management, Crisis Management, Decision Making, Due Care, Due Diligence, Enterprise Governance, Event Management, Incident Management, Information Technology, IT, IT Management, Management Information System, Operating Style, Risk Management, Threat Management

The risk management process introduces a systematic approach for identifying, assessing, and reducing risks as well as maintaining defined acceptable risk levels.  An IT risk assessment should be considered a key risk management practice area.  When management institutionalizes an IT governance...


March 2, 2013  4:38 PM

Risk Management: Is it just another set of business buzzwords? – Part III



Posted by: Robert Davis
Administrative Control, Asset Management, Business Continuity, Continuity Management, Crisis Management, Decision Making, Due Care, Due Diligence, Enterprise Governance, Event Management, Incident Management, Information Technology, IT, IT Management, Management Information System, Operating Style, Risk Management, Threat Management

Similar to business risk management, IT risk management is a continuous process that should be interlaced into the fabric of an entity.  IT risks directly impact an entity’s ability to provide goods and/or services at an acceptable price.  Inherently, computer hardware and software as well as...


February 28, 2013  2:50 AM

Risk Management: Is it just another set of business buzzwords? – Part II



Posted by: Robert Davis
Administrative Control, Asset Management, Business Continuity, Continuity Management, Crisis Management, Decision Making, Due Care, Due Diligence, Enterprise Governance, Event Management, Incident Management, Information Technology, IT, IT Management, Management System, Operating Style, Risk Management, Threat Management

An entity’s business risk management framework should be a strategic axial enabled to accept diverse strategy spokes. Proactively, business risk management should represent the process whereby an entity methodically addresses risks attached to activities with the objective of achieving sustained...


February 23, 2013  6:44 PM

Risk Management: Is it just another set of business buzzwords? – Part I



Posted by: Robert Davis
Administrative Control, Asset Management, Business Continuity, Continuity Management, Crisis Management, Decision Making, Due Care, Due Diligence, Enterprise Governance, Event Management, Incident Management, Information Technology, IT, IT Management, Management System, Operating Style, Risk Management, Threat Management

Risk management is not an issue any ‘going concern’ should consider a platitude used to demonstrate effective leadership.  Those responsible for governance...


December 13, 2012  1:52 AM

eBook excerpt: Assuring Information Security – Part I



Posted by: Robert Davis
Accountability, Acquire and Implement, Asset Management, Availability Management, COBIT Domains, Continuity Management, Control Objectives for Information and related Technology, Deliver and Support, Due Diligence, Fiduciary Responsibility, Framework, Information Assets Protection, Information Security Governance, Information Security Management, ISG, Key Performance Indicators, Monitor and Evaluate, Performance Measurement, Plan and Organize, Risk Management, Security Frameworks, Strategic Alignment, Value Delivery

Chapter 1: Information Security Governance

“The information possessed by an organization is among its most valuable assets and is critical to its success.  The Board of Directors, which is ultimately accountable for the organization’s success, is therefore...


August 23, 2011  8:30 PM

An Overview of IT Service Delivery and Support – Part VIII



Posted by: Robert Davis
Asset Management, Availability Management, Capacity Management, Change Management, Configuration Management, Continuity Management, Financial Management, IEC, Information Security Management, ISO, ITSM, Service Level Management

Aligned with the generally accepted IT value definition; IT service basic principles should deliver appropriate quality, on-time and within-budget, while achieving promised benefits. Where these basic principles are earnestly harmonized, IT service delivery and support benefits...


Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: