Risk Management

Welcome to the Risk Management topic!

Collaborate, contribute, consume and create knowledge around topics such as Risk Management, Risk Governance, Risk Profile, Governance Risk & Compliance (GRC), & CRISC.

This Topic Has:
2624 Members
11 Online
24441 Visits

Community Leader

Brian Barnier

Badge: Energizer

Mohamed Tawfik

Title: Financial Controller Sector - General Manager

Points: 294

Badge: Lively


Discussions: 185 total

Do you think it would be ok for your DNS manager to take 5 minutes and add an SPF record so your emails aren't constantly tagged as spam, phishing or forgeries? headers from emails: Return-Path: Received: from
scheidell | 5/20/2017 10:10:57 PM | COMMENTS(1)
I also posted this question in Service Management but have not heard anything yet. My team runs Risk and Compliance efforts.  We had moved to JIRA to run one program as a "project" and sending out "issues" to assignees for them to either answer audit que...
AgVball | 5/18/2017 4:21:38 PM | COMMENTS(1)
We are about to embark on a project to install a GRC solution.  Are there any existing checklists to help with requirements?  Did you use a consulting team to help you create your requirements and guide you through the process?
AgVball | 3/28/2017 3:06:37 AM | COMMENTS(18)
I read a research work on "The Development of Audit Detection Risk Assessment System: Using the Fuzzy Theory and Audit Risk Model", which I appreciated and I would like to adopt it for a research project, but this time in the field of IT audit. I look for...
ISMAIL683 | 3/16/2017 7:14:36 PM | COMMENTS(0)
Any insights on this topic? ..... I am trying to build a knowledge base in this area of - (1) Risk Management of AI and CT technologies to be used to support business, (2) use of AI and CT for helping with Risk Management Any thoughts? Thanks in advance. ...
Adwait | 2/26/2017 3:27:38 PM | COMMENTS(4)
Hi RM Community, Good day! I'm looking for a sample list of generic KRI's for IT. I'm currently working on a project to initiate monitoring of KRI's. I was able to do research and obtain understanding of KRI. I have yet to perform an understandi...
Sameer848 | 2/8/2017 7:01:58 AM | COMMENTS(3)

Documents & Publications: 69 total


Events & Online Learning: 17 total

16 Mar 2015
ISACA International Event
Orlando, FL, USA
21 Sep 2015
ISACA International Event
06010 Mexico City, Panama
The Latin American CACS/ISRM Conference
9 Nov 2015
ISACA International Event
Copenhagen, Denmark
Stay on top of the trends and opportunities of the dynamic technology industry at EuroCACS/ISRM—the leading European conference for IT audit, assurance, security and risk professionals.

Journal Articles: 194 total

Volume 3, 2107
by Jayakumar Sundaram, CISA, ISO 27001 LA
The SoA is a continuously updated and controlled document that provides an overview of information security implementation.
Volume 6, 2106
by Venkatasubramanian Ramakrishnan, CISM, CRISC, CHFI
Bayesian networks can capture the complex interdependencies among risk factors and can effectively combine data with expert judgment.
Volume 3, 2017
The resolve to address IoT device security at various levels—hardware and software, government and enterprise, consumers and services—is widespread.
Volume 3, 2017
by Vasant Raval, DBA, CISA, ACMA, and Rajesh Sharma, Ph.D., ITIL-F, Six Sigma Black Belt
Success does not teach much, if anything; it is the failure that provides lessons to do better in the future.
Volume 3, 2017
by Hemant Patel, CISM, ITIL, PMP, TOGAF
Security needs to be addressed at all stages of the IoT system life cycle, including the design, installation, configuration and operational stages.
Volume 3, 2017
by ISACA | Reviewed by Diana Hamono
The book is a useful resource for managers in all parts of an organization that is considering transitioning some, or all, of its current IT services onto cloud-based services and who want to understand the security implications of doing so.

Wikis: 2 total

Blog Posts: 122 total

The demand for banking services over the Internet, a product of the emergence of new needs among consumers attracted by the technology boom, keeps financial institutions caught at a crossroads in which they must balance the...
Posted By : Gerardo Zuñiga | 1 comments
Surely we have all heard news in recent months about cyberattacks and the impact they have had on different industries and companies. The latest of them, called “WannaCry”, has been considered one of the largest attacks...
Posted By : Rene372 | 0 comments
In-house IT management. Keeping the entire IT structure in-house, without outsourcing, can lead to an accumulation of problems that are difficult for a single organization to handle. Partnerships with counterparties. When working on a joint project with a...
Posted By : Gladys789 | 0 comments
The reason that several sites and services supported by the Amazon Web Services cloud, among them Netflix and Spotify, experienced failures last Tuesday was human error, the company said. Amazon's report indicated that S3 servers...
Posted By : Rene372 | 0 comments
Dear All I am working on Information security risk assessment framework which helps to reduce the subjectivity in the risk assessment process. (Subjective risk assessment is the one which is based on the risk parameters having values 1 to 5 or 1 to 3. and...
Posted By : Muhammad Irfan Bashir | 0 comments
Today, all of us need to protect the personal information... so, I share these useful tips. Here are eight tips to help you protect the privacy of your personal information: 1. Implement a personal-information "need-to-know basis" policy. Many businesses ask...
Posted By : Rene372 | 0 comments