PO4.8 - Responsibility for Risk, Security and Compliance

This topic is intended to enable collaboration and sharing of information to facilitate a better understanding and approach to implementing this COBIT control objective based on the risk, value and guidance provided by its corresponding control practices.

COBIT Control Objective PO4.8 - Responsibility for Risk, Security and Compliance is contained within process PO4, Define the IT Processes, Organisation and Relationships.

Responsibility for Risk, Security and Compliance

Embed ownership and responsibility for IT-related risks within the business at an appropriate senior level. Define and assign roles critical for managing IT risks, including the specific responsibility for information security, physical security and compliance. Establish risk and security management responsibility at the enterprise level to deal with organisationwide issues. Additional security management responsibilities may need to be assigned at a system-specific level to deal with related security issues. Obtain direction from senior management on the appetite for IT risk and approval of any residual IT risks.

Value Drivers

  • Improved protection and integrity of information assets
  • Risk, security and compliance responsibilities embedded at senior management level
  • Senior management support in risk, security and compliance issues
  • Security mechanisms as effective and efficient countermeasures for the organisation’s threats
  • Proactive identification and resolution of risk, security and compliance issues

Risk Drivers

  • Improper protection of information assets
  • Loss of confidential information
  • Financial losses
  • Lack of management commitment for organisationwide security
  • Non-compliance risk
  • Unclear understanding of the organisation’s IT risk appetite

  1. Encourage senior management to establish an organisationwide, adequately staffed risk management and information security function with overall accountability for risk management and information security. The reporting line of the risk management and information security function is such that it can effectively design, implement and, in conjunction with line management, enforce compliance with the organisation’s risk management and information security policies, standards and procedures.
  2. Formalise and document roles and responsibilities for the risk management and information security function. Allocate these responsibilities to appropriately skilled and experienced staff and, in the case of information security, under the direction of an information security officer.
  3. Regularly assess the resource requirements in relation to risk management and information security. Assess whether appropriate resources are provided to meet the needs of the business.
  4. Put a process in place to obtain senior management guidance concerning the enterprise’s risk profile and acceptance of significant residual risks.

Events & Online Learning: 20 total

16 Mar 2015
ISACA International Event
Orlando, FL, USA
15 Jun 2015
ISACA International Event
Ciudad de México, Mexico
1 Aug 2016
ISACA International Event
Chicago, IL, USA

Journal Articles: 480 total

Volume 6, 2015
by Ed Gelbstein, Ph.D.
An auditor will sooner or later be faced with two kinds of conflicts: conflict of interest and interpersonal conflict.
Volume 5, 2017
by Marianne Bradford, Ph.D., and Dave Henderson, Ph.D.
Although generalized audit software (GAS) has been shown to significantly improve the efficiency and effectiveness of audits, many auditors do not use this technology.
Volume 3, 2017
by Jayakumar Sundaram, CISA, ISO 27001 LA
The SoA is a continuously updated and controlled document that provides an overview of information security implementation.
Volume 3, 2018
by Giuliano Pozza, CGEIT, e-CF Plus (CIO), ITIL v3
The world of information and data management is changing faster than anyone could have predicted a few years ago, and attention to sensitive data protection is growing, as the new GDPR is clearly proving.
Volume 3, 2018
by Lucio Augusto Molina Focazzio, CISA, CRISC, CISM, COBIT Assessor and Trainer, ITIL
Building Tomorrow’s Leaders, Today
Volume 3, 2018
by ISACA Member and Certification Holder Compliance
An up-to-date listing of the current IT Audit and Assurance Standards, Guidelines, and Tools and Techniques

Blog Posts: 287 total

17 Jun 2018
We are happy to announce that on Feb//2018 the ISACA awareness session was held in Baghdad. This is the first time to speak about ISACA Value in Iraq. Professionals from government and private sector were excited to hear about ISACA value and they started to...
Posted by Ali099 | 2 comments
As end users have increased their usage of mobile devices, the number and sophistication of attacks are also increasing. While I will focus on protecting your smartphones, you should keep in mind that many of the items discussed apply to your iPa...
Posted by Robert658 | 4 comments
Training is a lifelong pursuit of any professional. It is our toolbox to keep our skills sharp and tuned for the next challenge. I am often asked what resources are available or how to become more proficient in the identity management specialty. Consider ...
Posted by Kenneth687 | 1 comment
I have always enjoyed the “Star Trek” franchise, especially “Star Trek: The Next Generation” and the leadership of Capt. Jean-Luc Picard portrayed by Patrick Stewart. The character of Capt. Jean-Luc Picard is not so different from that of security leaders....
Posted by Dhawal895 | 1 comment
Hello and welcome to my first post of my new blog, 'Cybersecurity ROCKS!'. As a long time member of the security community and new to the Vancouver area, I'd like to tell you a little about myself, how my career began and where my current passions in cy...
Posted by cybersecgal | 1 comment