IT Governance, Risk, and Compliance:

Threat Management


March 21, 2013  1:02 AM

Risk Management: Is it just another set of business buzzwords? – Part VIII



Posted by: Robert Davis
Administrative Control, Asset Management, Business Continuity, Continuity Management, Crisis Management, Decision Making, Due Care, Due Diligence, Enterprise Governance, Event Management, Incident Management, Information Technology, IT, IT Management, Management Information System, Operating Style, Risk Management, Threat Management

IT policies, directives, standards, procedures, and rules should be deployed based on assessed effectiveness and efficiency in addressing managements risk appetite. Deployed controlling and monitoring activities should reflect management’s strategy for ensuring an adequate IT control system. IT...

March 16, 2013  3:40 PM

Risk Management: Is it just another set of business buzzwords? – Part VII



Posted by: Robert Davis
Administrative Control, Asset Management, Business Continuity, Continuity Management, Crisis Management, Decision Making, Due Care, Due Diligence, Enterprise Governance, Event Management, Incident Management, Information Technology, IT, IT Management, Management Information System, Operating Style, Risk Management, Threat Management

Management should establish standards as baselines for measuring quantity, weight, extent, value, or quality.  Standards can be considered specific goals or objectives against which performance is compared.  Selection of points where performance will be measured is critical to...


March 14, 2013  1:10 AM

Risk Management: Is it just another set of business buzzwords? – Part VI



Posted by: Robert Davis
Administrative Control, Asset Management, Business Continuity, Continuity Management, Crisis Management, Decision Making, Due Care, Due Diligence, Enterprise Governance, Event Management, Incident Management, Information Technology, IT, IT Management, Management Information System, Operating Style, Risk Management, Threat Management

Controlling and monitoring activities attempting to ensure acceptable risk responses include:

  • Policies
  • Directives
  • Standards
  • Procedures
  • Rules
Strategically; policies are definite courses or methods of action...


March 8, 2013  10:41 PM

Risk Management: Is it just another set of business buzzwords? – Part V



Posted by: Robert Davis
Administrative Control, Asset Management, Business Continuity, Continuity Management, Crisis Management, Decision Making, Due Care, Due Diligence, Enterprise Governance, Event Management, Incident Management, Information Technology, IT, IT Management, Management Information System, Operating Style, Risk Management, Threat Management

Usually, IT risk analysis has four primary goals:

  • Identifying assets and their associated values
  • Identifying vulnerabilities and threats
  • Quantifying the probability and business impact of potential threats
  • Providing an economic balance between threat...


March 7, 2013  1:54 AM

Risk Management: Is it just another set of business buzzwords? – Part IV



Posted by: Robert Davis
Administrative Control, Asset Management, Business Continuity, Continuity Management, Crisis Management, Decision Making, Due Care, Due Diligence, Enterprise Governance, Event Management, Incident Management, Information Technology, IT, IT Management, Management Information System, Operating Style, Risk Management, Threat Management

The risk management process introduces a systematic approach for identifying, assessing, and reducing risks as well as maintaining defined acceptable risk levels.  An IT risk assessment should be considered a key risk management practice area.  When management institutionalizes an IT governance...


March 2, 2013  4:38 PM

Risk Management: Is it just another set of business buzzwords? – Part III



Posted by: Robert Davis
Administrative Control, Asset Management, Business Continuity, Continuity Management, Crisis Management, Decision Making, Due Care, Due Diligence, Enterprise Governance, Event Management, Incident Management, Information Technology, IT, IT Management, Management Information System, Operating Style, Risk Management, Threat Management

Similar to business risk management, IT risk management is a continuous process that should be interlaced into the fabric of an entity.  IT risks directly impact an entity’s ability to provide goods and/or services at an acceptable price.  Inherently, computer hardware and software as well as...


February 28, 2013  2:50 AM

Risk Management: Is it just another set of business buzzwords? – Part II



Posted by: Robert Davis
Administrative Control, Asset Management, Business Continuity, Continuity Management, Crisis Management, Decision Making, Due Care, Due Diligence, Enterprise Governance, Event Management, Incident Management, Information Technology, IT, IT Management, Management System, Operating Style, Risk Management, Threat Management

An entity’s business risk management framework should be a strategic axial enabled to accept diverse strategy spokes. Proactively, business risk management should represent the process whereby an entity methodically addresses risks attached to activities with the objective of achieving sustained...


February 23, 2013  6:44 PM

Risk Management: Is it just another set of business buzzwords? – Part I



Posted by: Robert Davis
Administrative Control, Asset Management, Business Continuity, Continuity Management, Crisis Management, Decision Making, Due Care, Due Diligence, Enterprise Governance, Event Management, Incident Management, Information Technology, IT, IT Management, Management System, Operating Style, Risk Management, Threat Management

Risk management is not an issue any ‘going concern’ should consider a platitude used to demonstrate effective leadership.  Those responsible for governance...


July 26, 2011  8:04 PM

Business Continuity and IT Availability – Part VIII



Posted by: Robert Davis
Backup, BCM, BCP, Business Continuity, Crisis Management, Disaster Recovery, DRP, Information Security Governance, Information Security Service Management, Information Technology Service Management, ISG, ISSM, ITSM, Service Delivery, Service Disruption, Threat Management

Directly, an entity’s DRP has a significant affect on the viability of IT and information security governance programs. Indirectly, IT and information security governance programs may impact stakeholder assessed entity value. Regardless of organizational formation -- corporation, partnership,...


July 22, 2011  5:35 PM

Business Continuity and IT Availability – Part VII



Posted by: Robert Davis
Backup, BCM, BCP, Business Continuity, Crisis Management, Disaster Recovery, DRP, Information Security Governance, Information Security Service Management, Information Technology Service Management, ISG, ISSM, ITSM, Service Delivery, Service Disruption, Threat Management

Through establishment and deployment of an emergency management program, top-level personnel can send a clear message to everyone in the entity that business continuity and disaster recovery control...


Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: