Risk assessment and risk management are integral parts of IT security at any organization, or at least they should be. One would think that, IT being critical to an organization’s operations, the risk related to IT and IT security would be covered by many different risk management frameworks, including the Committee of Sponsoring Organizations of the Treadway Commission (COSO) for enterprise risk management (ERM), the Risk Management Society’s RIMS Risk Maturity Model (RMM), the Project Management Institute’s (PMI) Project Risk Management, International Organization for Standardization (ISO)/International Electrotechnical Commission (IEC) 27005 Information technology—Security techniques—Information security risk management and the ISO 31000 family. However, this was not the case until recently. When it comes to risk management in the IT domain and specifically the governance and management of enterprise IT, arguably, there is only one leading globally accepted and in-use business framework to employ: COBIT® 5.
To read this article in its entirety and discuss, click here: http://www.isaca.org/COBIT/focus/Pages/cobit-5-for-risk-a-powerful-tool-for-risk-management.aspx.