Find Resources & Connect with members on topics that interest you.

AI - Acquire and Implement

PO - Plan and Organize

DS - Deliver and Support

Please sign in to see your topics.

 

NEW! Activity Badges

Badges help others understand your level of community activity and your reputation as a contributor within the Knowledge Center. Learn More.

Subscribe to all discussions

Recent Discussions

Risk analysis - how much constitutes "paralysis"?

There are any number of ways to analyse a risk, some involving very detailed quantitative technique...

Linda716 @ 1/30/2018 5:35 AM | Comments (3)

ATM anti skimming devices

Does the ATM antiskimming devices are operational risk or information security ?

Tarek EL-Sherif @ 12/18/2017 4:23 AM | Comments (3)

Bitcoin - bubble or not

Is bitcoin a bubble or something to stay for long time? If bitcoin is bubble, when it will burst? H...

Dragan Pleskonjic @ 12/10/2017 9:51 AM | Comments (0)

Risk mgmt agenda examples

Hi members,I institutionalized a Risk Mgmt Comittee in my organization. The comittee is made up of ...

danic1979 @ 12/4/2017 7:37 PM | Comments (2)

Risk in work unit business plans

Work units within organisations commit to annual business plans. Risk assessment is the foundation ...

Roger Lines @ 8/7/2017 6:25 PM | Comments (0)

Operational risk -- what your boss is hearing

Hello all, ISACA's content, such as Risk IT and COBIT are created primarily for you. Yet, wouldn't ...

Brian Barnier @ 8/3/2017 9:58 PM | Comments (3)

SPF records

Do you think it would be ok for your DNS manager to take 5 minutes and add an SPF record so your em...

scheidell @ 5/19/2017 3:30 PM | Comments (1)

Using Service Now for Risk/Compliance Program Mgt

I also posted this question in Service Management but have not heard anything yet.My team runs Risk...

AgVball @ 5/17/2017 3:00 PM | Comments (4)

Exploring fuzzy theory in IT audit risk assessment

I read a research work on "The Development of Audit Detection Risk Assessment System: Usingthe...

ISMAIL683 @ 3/16/2017 7:14 PM | Comments (0)

Risk Management with Artificial Intelligence / Cognitive Technology

Any insights on this topic? ..... I am trying to build a knowledge base in this area of - (1) Risk ...

Adwait @ 2/23/2017 2:40 PM | Comments (4)

Sample of a generic Key Risk Indicator for IT

Hi RM Community, Good day! I'm looking for a sample list of generic KRI's for IT. I'm currently wor...

Sameer848 @ 2/6/2017 9:19 AM | Comments (4)

Spearking of GRC tools - Anyone use Atlassian modules?

As noted in another thread, we are starting to look at GRC tools.  Someone from our PMO office ment...

AgVball @ 1/24/2017 12:05 AM | Comments (3)

Implementing a GRC tool ...

We are about to embark on a project to install a GRC solution.  Are there any existing checklists t...

AgVball @ 1/10/2017 12:27 AM | Comments (26)

Risk Profile for a technology team

Hello All, I work for an offshore unit of a U.S based financial institution as a risk manager. The ...

Victorjoshua @ 12/26/2016 3:05 AM | Comments (2)

Risks list for alla COBIT 5 processes

Do you know if there is a list of risks (IT and non IT) related to each Cobit 5 process?Thankyou

FrancescoM @ 10/20/2016 4:47 AM | Comments (7)

RE: Sample of a generic Key Risk Indicator for IT

Hi Sameer, I have to admit that I've not found the development of sample KRIs to be helpful as real...

Michael535 @ 2/20/2018 2:24 PM

RE: Risk analysis - how much constitutes "paralysis"?

Adding to the comments above... * Yes, there is a cost/benefit notion * Yes, it depends on the role...

Brian Barnier @ 1/30/2018 9:47 PM

RE: Risk analysis - how much constitutes "paralysis"?

Concerning Risk Analysis Paralysis.My initial thoughts is that are several considerations:1) What i...

Ricardo443 @ 1/30/2018 6:38 AM

RE: Risk analysis - how much constitutes "paralysis"?

I would say it is when further analysis will not make any difference to the risk decision i.e. if t...

AlexG @ 1/30/2018 6:33 AM

RE: ATM anti skimming devices

Without knowing the details, Operations probably own the risk but Information Security may help det...

Linda716 @ 1/30/2018 5:29 AM

RE: ATM anti skimming devices

@Tarek EL-SherifI believe there is more to your scenario from the way you posted your question....I...

Taty @ 12/18/2017 5:22 AM

RE: ATM anti skimming devices

The intent of ATM anti-skimming device is to protect and deter card skimmers from obtaining custome...

Kwame205 @ 12/18/2017 5:07 AM

RE: Risk mgmt agenda examples

Hi Daniel,I have also recently set up a RM Committee and created a structure for the regular meetin...

IanSimpson Vietnam @ 12/9/2017 3:46 AM

RE: Risk mgmt agenda examples

Hi Daniel, we used to have an agenda like this - Action review (follow-up of tasks assigned to the ...

pbusch @ 12/5/2017 4:30 AM

RE: Using Service Now for Risk/Compliance Program Mgt

I spent about 30 minutes evaluating SNOW for project management. When I discovered that there was n...

Mark368 @ 9/6/2017 7:12 AM

RE: Implementing a GRC tool ...

@mitke could you please send the documents to me on prince.it.analyst@gmail.comThank you,Prince.

Prince174 @ 8/25/2017 5:45 AM

RE: Implementing a GRC tool ...

I am reachable at prince.it.analyst@gmail.com.

Prince174 @ 8/25/2017 5:43 AM

RE: Implementing a GRC tool ...

Hi all, I work with leading insurance firm of Australia, happy to discuss the GRC journey we have c...

Prince174 @ 8/25/2017 1:28 AM

RE: Using Service Now for Risk/Compliance Program Mgt

Hi Shirley, Our platform - STORM Cyber Risk Management utilizes all cyber risk and compliance manag...

mitke @ 8/25/2017 12:28 AM

RE: Implementing a GRC tool ...

Hi Shirley. I replied to your other post too. How far have you gotten on your selection? We just ha...

Vincent084 @ 8/24/2017 1:14 PM

Implementing a GRC tool ...

We are about to embark on a project to install a GRC solution.  Are there any existing checklists t...

AgVball @ 1/10/2017 12:27 AM | Comments (26)

Risk Acceptance

HelloWhen doing an assessment for a new solution or system, and you identify critical, high, med, a...

Elsayed @ 9/8/2015 4:52 AM | Comments (17)

Threats and vulnerabilities

According to one of the answers on a CRISC practice question, vulnerabilities can be reduced but ne...

Hannah656 @ 12/7/2014 7:24 AM | Comments (16)

CRISC Certification

Hello Everyone, I have enrolled myself for CRISC certification in December. In order to prepare mys...

Rohit131 @ 8/31/2014 12:04 AM | Comments (15)

Vendor Risk Management

My company is looking to expand our Vendor Risk Management program and in order to build a business...

Tera075 @ 1/26/2015 11:41 AM | Comments (13)

risk management frameworks

Please can people tell me which risk management frameworks and TOOLS do they use?I.e. NIST, COBIT e...

JayMIET927 @ 8/31/2016 3:17 PM | Comments (12)

Risk Management:setting risk appetite

How do you set the level at which the risk score will not be acceptable to management if higher tha...

Michael043 @ 3/30/2011 8:04 AM | Comments (12)

IT Audit Strategy

Need some guidance here. I've been tasked with getting started on performing some IT Audits of our ...

Carl097 @ 11/5/2014 3:46 PM | Comments (12)

IT Risk and IT Operational Risk

Hello , Can anyone please tell me what is exact difference between IT risk and IT Operational Risk ...

Kapil Dixit @ 10/11/2012 4:22 AM | Comments (11)

How to align between IT Audit, IT Assurance and Information Security(Infosec)

Hello, all. I would really like to get/have your expert view on this title. Lets say in an organisa...

Taty @ 9/11/2012 1:41 AM | Comments (11)

Does Risk Management lead to Corporate Value?

Dear Colleague, I am surveying all professionals who use risk management techniques for a significa...

Ricardo443 @ 8/3/2015 2:46 PM | Comments (10)

risk assessment

risk assessment

Robeiiiiiiii @ 12/16/2010 2:41 PM | Comments (10)

Risk impact and absence of controls

During a recent risk assessment we had a topic arise regarding the consideration of impact in risk....

Gregory461 @ 6/7/2015 8:42 PM | Comments (10)

Vendor Risk Management

Many companies vet the vendors before they bring them onboard to understand the value as well as th...

Devashish041 @ 10/23/2015 4:20 PM | Comments (10)

Risk Scenarios

"ISACA today issued new guidance providing six steps to using risk scenarios for improved risk...

JasonY @ 9/24/2014 7:40 AM | Comments (9)