Archive for the ‘Risk Assessment’ Category

Fundamentals of Information Risk Management Auditing

New information and IT risks seem to be everywhere, so it is essential that organizations address these risks in the context of enterprise risk management (ERM). ERM is a practice that has become increasingly popular. It’s important that an organization’s information risk management specialist or auditor understands this practice because much of their work will […]

5 Must Read Books to Jumpstart Your Career in Risk Management

FAIR Institute blog by Isaiah McGowan. What are the must-have resources for people new to operational and cyber risk? This list outlines which books I would recommend to a new analyst or manager. They’re not ranked by which book is best. Instead, I list them in the recommended reading […]

Independent Risk Assessment

The essential suite for undertaking an independent risk assessment compliant with ISO/IEC 27001, supporting ISO/IEC 27002 and conforming to ISO/IEC 27005, whilst providing guidance to multiple internal Asset Owners. Risk assessment is the core competence of information security management. This toolkit provides the essential information, guidance and tools you need to undertake an effective ISO 27001 […]

10 Steps To Assess Cyber Security Risk

October is National Cyber Security Awareness Month and it is an opportunity to engage public and private sector stakeholders – especially the general public – to create a safe, secure, and resilient cyber environment. Everyone has to play a role in cybersecurity. Constantly evolving cyber threats require the engagement of the entire nation — from […]

Risk management – ISO 27005 could be the cure

By Catherine Thornley @ ITG. Risk management in information security management, and how ISO/IEC 27005 can help you tackle it effectively. Risk is arguably one of the most commonly used words in business, but what does it actually mean? There are many English dictionary definitions, many centred around “a situation involving exposure to danger”, and whilst […]

Risk Assessment control selection and cost savings

In risk management, the risk treatment process begins after completion of a comprehensive risk assessment. Once risks have been assessed, the risk manager uses the following techniques to manage them:
• Avoidance (eliminate)
• Reduction (mitigate)
• Transfer (outsource or insure)
• Retention (accept and budget)
Now the question is how to select an appropriate control […]

Risk Assessment Critical for the Security of Information Assets

Information Security Risk Management for ISO27001 / ISO27002. September 01, 2011 /24-7PressRelease/ — Today, there is hardly any organisation that doesn’t recognise the critical role that information technology plays in supporting its business objectives. […]

IT risk assessment frameworks: real-world experience

By Bob Violino, CSO. Assessing and managing risk is a high priority for many organizations, and given the turbulent state of information security vulnerabilities and the need to be compliant with so many regulations, it’s a huge challenge. Several formal IT risk-assessment frameworks have emerged over the years to help guide security and risk executives […]

What is a risk assessment framework

(Image by Adam Melancon via Flickr.) The Security Risk Assessment Handbook: A Complete Guide for Performing Security Risk Assessments. Definition – A risk assessment framework (RAF) is a strategy for prioritizing and sharing information about the security risks to an information technology (IT) infrastructure. A good RAF organizes and presents information in a way that […]

Audit of security control and scoping

Information Technology Control and Audit. An audit is used as a tool to check control compliance against standards such as ISO 27002 or NIST 800-53. Other terms used for assessing controls, which are not always as rigorous as an audit, are gap analysis, benchmarking and control review. Scoping sets the boundaries of the […]

Cyber threats and overall security assessment

(Image via Wikipedia.) In the past, when senior management (execs) needed to understand the financial implications of cyber threats and their exposures, they turned their questionnaires toward IT for relevant answers. In other words, IT risk assessment used to be the answer for understanding the financial implications of cyber threats. The IT risk assessment […]

Risk Assessment and System Profiling

In real estate it’s all about location; in the same way, success in information security risk assessment is all about precise profiling of the system under review. The system profile sets the boundaries of an assessment, and the reviewer includes or excludes assets in the review based on their criticality and sensitivity and the […]
