PO4.8 - Responsibility for Risk, Security and Compliance

This topic is intended to enable collaboration and sharing of information to facilitate a better understanding and approach to implementing this COBIT control objective based on the risk, value and guidance provided by its corresponding control practices.

COBIT Control Objective PO4.8 - Responsibility for Risk, Security and Compliance is contained within the process Define the IT Processes, Organisation and Relationships.

Responsibility for Risk, Security and Compliance

Embed ownership and responsibility for IT-related risks within the business at an appropriate senior level. Define and assign roles critical for managing IT risks, including the specific responsibility for information security, physical security and compliance. Establish risk and security management responsibility at the enterprise level to deal with organisationwide issues. Additional security management responsibilities may need to be assigned at a system-specific level to deal with related security issues. Obtain direction from senior management on the appetite for IT risk and approval of any residual IT risks.

Value Drivers

  • Improved protection and integrity of information assets
  • Risk, security and compliance responsibilities embedded at senior management level
  • Senior management support in risk, security and compliance issues
  • Security mechanisms as effective and efficient countermeasures for the organisation’s threats
  • Proactive identification and resolution of risk, security and compliance issues

Risk Drivers

  • Improper protection of information assets
  • Loss of confidential information
  • Financial losses
  • Lack of management commitment for organisationwide security
  • Non-compliance risk
  • Unclear understanding of the organisation’s IT risk appetite

Control Practices

  1. Encourage senior management to establish an organisationwide, adequately staffed risk management and information security function with overall accountability for risk management and information security. The reporting line of the risk management and information security function is such that it can effectively design, implement and, in conjunction with line management, enforce compliance with the organisation’s risk management and information security policies, standards and procedures.
  2. Formalise and document roles and responsibilities for the risk management and information security function. Allocate these responsibilities to appropriately skilled and experienced staff and, in the case of information security, under the direction of an information security officer.
  3. Regularly assess the resource requirements in relation to risk management and information security. Assess whether appropriate resources are provided to meet the needs of the business.
  4. Put a process in place to obtain senior management guidance concerning the enterprise’s risk profile and acceptance of significant residual risks.

Documents & Publications: 194 total

Events & Online Learning: 25 total

  • 16 Mar 2015 - ISACA International Event, Orlando, FL, USA
  • 15 Jun 2015 - ISACA International Event, Ciudad de México, Mexico
  • 1 Aug 2016 - ISACA International Event, Chicago, IL, USA

Journal Articles: 454 total

Volume 6, 2015, by Ed Gelbstein, Ph.D.
An auditor will sooner or later be faced with two kinds of conflicts: conflict of interest and interpersonal conflict.

Volume 5, 2017, by Marianne Bradford, Ph.D., and Dave Henderson, Ph.D.
Although generalized audit software (GAS) has been shown to significantly improve the efficiency and effectiveness of audits, many auditors do not use this technology.

Volume 3, 2017, by Jayakumar Sundaram, CISA, ISO 27001 LA
The SoA is a continuously updated and controlled document that provides an overview of information security implementation.

Volume 1, 2018, by Mike Van Stone, CISA, CISSP, CPA, and Ben Halpert
Ever-changing laws continue to increase the risk and cost of noncompliance when unintentional data losses occur.

Volume 1, 2018, by ISACA Member and Certification Holder Compliance
An up-to-date listing of the current IT Audit and Assurance Standards, Guidelines, and Tools and Techniques

Volume 1, 2018, by Andrew Clark
With advances in computing power, the abundance of data storage and recent advances in algorithm design, machine learning is increasingly being utilized by corporations to...

Wikis: 2 total

Blog Posts: 282 total

Our greatest vulnerability with regard to a potential accidental insider cyber-attack resides with contractors, employees and system administrators. This is greater than the vulnerability represented by mobile devices, email servers and enterprise...
Posted By : Robert658 | 1 comment
There are some math models for business that MBAs are taught. Just like assembling burgers for fast food or call wait queue management in a call center, vulnerability patching is a time based business opportunity. Leadership can be expected to use this ...
Posted By : Don Turnblade | 0 comments
I predict that on 1 July 2018, I will be calmly eating a barbecue sandwich, talking with friends and possibly, I will burn a copy of the RFC2246: TLS version 1.0 standard for entertainment value. Those with less effective Vendor, Network, Systems, Applic...
Posted By : Don Turnblade | 0 comments
2 Feb 2018
We are happy to announce that on Feb//2018 the ISACA awareness session was held in Baghdad. This is the first time to speak about ISACA Value in Iraq. Professionals from government and private sector were excited to hear about ISACA value and they started to...
Posted By : Ali099 | 0 comments
Greetings, is there any member currently studying for their CISA examination so that we can join hands and work together?
Posted By : TafadzwaPadare | 0 comments