Risk Management

Welcome to the Risk Management topic!

Collaborate, contribute, consume and create knowledge around topics such as Risk Management, Risk Governance, Risk Profile, Governance Risk & Compliance (GRC), & CRISC.

This Topic Has:
2659 Members
0 Online
24637 Visits

Community Leader

Brian Barnier

Badge: Energizer

Mohamed Tawfik

Title: Financial Controller Sector - General Manager

Points: 294

Badge: Lively


Discussions: 187 total

Hello all, ISACA's content, such as Risk IT and COBIT, are created primarily for you. Yet, wouldn't it be nice to have a way to engage more senior business and IT people? After I was part of the team that created Risk IT, I penned The Operational Ris...
Brian Barnier | 8/8/2017 5:12:55 AM | COMMENTS(3)
Work units within organisations commit to annual business plans.  Risk assessment is the foundation of business plan credibility and assurance. For the work unit business plan, ‘risk’ is the uncertainty of the year-end position. I’m sharing a...
Roger Lines | 8/7/2017 6:25:20 PM | COMMENTS(0)
We are about to embark on a project to install a GRC solution.  Are there any existing checklists to help with requirements?  Did you use a consulting team to help you create your requirements and guide you through the process?
AgVball | 8/3/2017 5:24:24 PM | COMMENTS(22)
Do you think it would be ok for your DNS manager to take 5 minutes and add an SPF record so your emails aren't constantly tagged as spam, phishing or forgeries? Headers from emails: Return-Path: Received: from
scheidell | 5/20/2017 10:10:57 PM | COMMENTS(1)
I also posted this question in Service Management but have not heard anything yet. My team runs Risk and Compliance efforts.  We had moved to JIRA to run one program as a "project" and sending out "issues" to assignees for them to either answer audit que...
AgVball | 5/18/2017 4:21:38 PM | COMMENTS(1)
I read a research work on "The Development of Audit Detection Risk Assessment System: Using the Fuzzy Theory and Audit Risk Model", which I appreciated and I would like to adopt it for a research project, but this time in the field of IT audit. I look for...
ISMAIL683 | 3/16/2017 7:14:36 PM | COMMENTS(0)

Documents & Publications: 69 total

Posted by ISACA 1237 days ago
Posted by ISACA 530 days ago
Posted by ISACA 635 days ago
Posted by ISACA 645 days ago

Events & Online Learning: 18 total

16 Mar 2015
ISACA International Event
Orlando, FL, USA
21 Sep 2015
ISACA International Event
06010 Mexico City, Panama
The Latin American CACS/ISRM Conference
9 Nov 2015
ISACA International Event
Copenhagen, Denmark
Stay on top of the trends and opportunities of the dynamic technology industry at EuroCACS/ISRM, the leading European conference for IT audit, assurance, security and risk professionals.

Journal Articles: 197 total

Volume 3, 2107
by Jayakumar Sundaram, CISA, ISO 27001 LA
The SoA is a continuously updated and controlled document that provides an overview of information security implementation.
Volume 6, 2106
by Venkatasubramanian Ramakrishnan, CISM, CRISC, CHFI
Bayesian networks can capture the complex interdependencies among risk factors and can effectively combine data with expert judgment.
Volume 4, 2017
Our organization has employees who work mostly in the field. Previously, they had been provided laptops and mobile phones by the organization.
Volume 4, 2017
by Steven De Haes, Ph.D., Anant Joshi, Ph.D., Tim Huygh and Salvi Jansen
IT governance, also referred to as governance of enterprise IT (GEIT) or corporate governance of IT, is a subset of corporate governance that is concerned with enterprise IT assets.
Volume 4, 2017
by Mohammed J. Khan, CISA, CRISC, CIPM
Social media is a powerful tool that gives organizations the ability to expand their brand value; it can also tarnish a brand overnight.
Volume 4, 2017
by Guy Ngambeket, CISA, CISM, CGEIT, ITIL v3, PMP
Remote working has a lot of advantages, both for the company and the employees. In the past years, it has become increasingly used by companies as a perk.

Wikis: 2 total

Blog Posts: 125 total

A few days ago the person behind the Hacking Team hack revealed how he did it in pastebin - (the original in Spanish) I was very keen to understand how good you need to be to hack back one of the most (in)famous hacking...
Posted By : TiagoRosado | 0 comments
Carrying out education and awareness activities for the end user is vital, bearing in mind that in the end it is this user who will decide whether to protect themselves. With this in mind, I am sharing some useful tips. 1. Do not use technical vocabulary; consider that...
Posted By : Rene372 | 0 comments
Recently while reading through various cyber security threat feeds, I ran across a very interesting article describing ways to protect your identity and personal data.  In the article the author discussed "Understanding your data-protection and privacy ri...
Posted By : James948 | 0 comments
The demand for banking services over the Internet, a product of the emergence of new needs among consumers attracted by the technological boom, keeps financial institutions caught in a dilemma in which they must balance the...
Posted By : Gerardo Zuñiga | 1 comments
Surely we have all heard news in recent months about cyberattacks and the impact they have had on different industries and companies. The latest of them, called “WannaCry”, has been considered one of the largest attacks...
Posted By : Rene372 | 0 comments
Internal IT management. Keeping the entire IT structure in-house, without outsourcing, can lead to an accumulation of problems that are difficult for a single organization to handle. Partnerships with counterparts. When working on a joint project with a...
Posted By : Gladys789 | 0 comments