Risk Management

Welcome to the Risk Management topic!

Collaborate, contribute, consume and create knowledge around topics such as Risk Management, Risk Governance, Risk Profile, Governance Risk & Compliance (GRC), & CRISC.

ISACA members can participate by clicking on the “Join this Community” button. You must be signed into the site. Set your alerts to be notified of new discussion activity within this community.

This Topic Has:
2008 Members
14 Online
19744 Visits

Community Leader

Brian Barnier

Discussions: 133 total

My company is looking to expand our Vendor Risk Management program and in order to build a business case, I need to gather some benchmark data on other companies' programs. This is for internal use only and no company-specific data is required and no attr...
Tera075 | 1/26/2015 11:55:44 AM | COMMENTS(2)
How does your organization determine who should own the risk? Is it based on who owns the IT service that is at risk, who owns or operates the controls that are in place or need to be in place, who owns the policy, who is causing the risk, who is impacte...
Hannah656 | 1/23/2015 7:54:47 AM | COMMENTS(6)
According to one of the answers on a CRISC practice question, vulnerabilities can be reduced but never eliminated. Since a vulnerability is deficient control relative to a threat level, does this also mean that threats can never be eliminated? What about ...
Hannah656 | 1/12/2015 7:41:48 AM | COMMENTS(16)
I'm developing a key risk indicator dashboard and am looking for guidance on best practices and reporting formats. Thanks.
Jennifer067 | 1/7/2015 1:53:25 PM | COMMENTS(8)
This short article is enthused by a publication I read here: The entire article is a reminder tha...
John229 | 12/30/2014 12:42:47 PM | COMMENTS(8)
Hello all, if you will be at the GRC Conference in NYC Dec 9-12 or the ISACA NCAC Cyber Crime and Security Conference in Washington Dec 16, please say "hello." Always nice to meet community friends in person. Best, Brian
Brian Barnier | 12/12/2014 10:34:09 AM | COMMENTS(3)

Documents & Publications: 95 total

Events & Online Learning: 12 total

14 Oct 2013
ISACA International Event
Boston, MA, USA
6 Nov 2013
ISACA International Event
Las Vegas, NV, USA
North America ISRM features relevant security and risk management topics presented by leading industry experts and practitioners.
11 Aug 2014
ISACA International Event
Seattle, WA, USA

Journal Articles: 251 total

Volume 1, 2015
by Tieu Luu
In November 2013, the US Office of Management and Budget (OMB) issued memorandum M-14-03 requiring all federal departments and agencies to establish an information security continuous monitoring (ISCM) program.
Volume 1, 2015
by P. W. Singer and Allan Friedman | Reviewed by Larry Marks, CISA
This book defines cybersecurity, discusses the basic issues of cybersecurity about which everyone should be aware and supplies the reader with tools to address these threats.
Volume 1, 2015
by Bill Hargenrader, CISM, CEH, CISSP
ISCM has a major positive impact on improving risk management and compliance across many industries and bodies, including the US federal government, the DoD, and commercial and financial organizations.
Volume 1, 2015
by Ed Gelbstein, Ph.D.
An information security practitioner preparing a ROSI calculation needs to prepare it in such a way to ensure that it leads to the requested resources and preserves the practitioner’s credibility.
Volume 6, 2014
by Kathleen M. Stetz, CISA, CISM, CRISC, PMP
Get to know your network.
Volume 6, 2014
by Eric A. Beck
Corporate risk managers and security professionals understand that risk is not a problem that can be solved, but rather a process that must be managed.

Wikis: 2 total

Blog Posts: 72 total

If you are still using Excel for your governance, risk and compliance, Maclear eGRC Suite™ have put together a whitepaper to help you understand the benefits of automation and what to look for when selecting your solution. IT GRC Whitepaper includes: 1...
Posted By : Shanthamurthy926 | 0 comments
13 Nov 2014
You are invited to comment on my post in ISACA Now which can be accessed using the following link: Title: From games to government, babies to business--the role of strategy Link: Shahi...
Posted By : SA | 0 comments
Dear Community Members, We have established the Topic “Strategic Planning/Alignment” which I believe might be of interest to you. We would like to benefit from your experience and knowledge. Some of you are already members of the topic (which you will find...
Posted By : SA | 0 comments
“Enterprise architecture is now a strategic component of every forward-thinking organization around the world.” Source: Related Article: Common Perspective on Enterprise Architecture: http://feapo....
Posted By : SA | 0 comments
In a fast changing world of business and relentless competition, strategic planning is not only critical, but also the differentiating factor for an organization. Since IT has moved from a supportive role to a more strategic role, the IT Strategic Planning an...
Posted By : SA | 0 comments
Agile technique in software development has been around for quite some time. There have been efforts to adopt the agile techniques for strategic planning, alignment and execution. Following are some of the relevant articles/blog posts in this area. The to...
Posted By : SA | 0 comments