Find Resources & Connect with members on topics that interest you.

AI - Acquire and Implement

PO - Plan and Organize

DS - Deliver and Support

Please sign in to see your topics.

 

NEW! Activity Badges

Badges help others understand your level of community activity and your reputation as a contributor within the Knowledge Center. Learn More.

Recent Discussions

IT Risk Management

Hi all,Would like to find out what are the frameworks or standards are your organization aligning t...

KarenY @ 5/11/2018 12:10 PM | Comments (10)

Risk analysis - how much constitutes "paralysis"?

There are any number of ways to analyse a risk, some involving very detailed quantitative technique...

Linda716 @ 1/30/2018 5:35 AM | Comments (3)

ATM anti skimming devices

Does the ATM antiskimming devices are operational risk or information security ?

Tarek EL-Sherif @ 12/18/2017 4:23 AM | Comments (3)

Bitcoin - bubble or not

Is bitcoin a bubble or something to stay for long time? If bitcoin is bubble, when it will burst? H...

Dragan Pleskonjic @ 12/10/2017 9:51 AM | Comments (0)

Risk mgmt agenda examples

Hi members,I institutionalized a Risk Mgmt Comittee in my organization. The comittee is made up of ...

danic1979 @ 12/4/2017 7:37 PM | Comments (2)

Risk in work unit business plans

Work units within organisations commit to annual business plans. Risk assessment is the foundation ...

Roger Lines @ 8/7/2017 6:25 PM | Comments (0)

Operational risk -- what your boss is hearing

Hello all, ISACA's content, such as Risk IT and COBIT are created primarily for you. Yet, wouldn't ...

Brian Barnier @ 8/3/2017 9:58 PM | Comments (3)

SPF records

Do you think it would be ok for your DNS manager to take 5 minutes and add an SPF record so your em...

scheidell @ 5/19/2017 3:30 PM | Comments (1)

Using Service Now for Risk/Compliance Program Mgt

I also posted this question in Service Management but have not heard anything yet.My team runs Risk...

AgVball @ 5/17/2017 3:00 PM | Comments (4)

Exploring fuzzy theory in IT audit risk assessment

I read a research work on "The Development of Audit Detection Risk Assessment System: Usingthe...

ISMAIL683 @ 3/16/2017 7:14 PM | Comments (0)

Risk Management with Artificial Intelligence / Cognitive Technology

Any insights on this topic? ..... I am trying to build a knowledge base in this area of - (1) Risk ...

Adwait @ 2/23/2017 2:40 PM | Comments (4)

Sample of a generic Key Risk Indicator for IT

Hi RM Community, Good day! I'm looking for a sample list of generic KRI's for IT. I'm currently wor...

Sameer848 @ 2/6/2017 9:19 AM | Comments (6)

Spearking of GRC tools - Anyone use Atlassian modules?

As noted in another thread, we are starting to look at GRC tools.  Someone from our PMO office ment...

AgVball @ 1/24/2017 12:05 AM | Comments (3)

Implementing a GRC tool ...

We are about to embark on a project to install a GRC solution.  Are there any existing checklists t...

AgVball @ 1/10/2017 12:27 AM | Comments (26)

Risk Profile for a technology team

Hello All, I work for an offshore unit of a U.S based financial institution as a risk manager. The ...

Victorjoshua @ 12/26/2016 3:05 AM | Comments (2)

RE: IT Risk Management

The challenge is the request for something that can be used by any organization. I think what you p...

mhershaft @ 5/17/2018 12:56 PM

RE: IT Risk Management

Hi all, Many thanks and appreciate that you all help in formulating and giving context to managing ...

KarenY @ 5/16/2018 12:07 PM

RE: IT Risk Management

Hello, Remember that COBIT Risk and Risk IT (and bit more so) are designed explicitly to link to ER...

Brian Barnier @ 5/15/2018 3:39 PM

RE: IT Risk Management

Hi all,Yor conributions are insightful. It urged me to serach out and review some documents that I ...

Ricardo443 @ 5/15/2018 8:06 AM

RE: IT Risk Management

Hi Karen,Several frameworks are available for Risk Practitioners. Which framework will you use that...

Shamsuzzaman @ 5/14/2018 11:57 PM

RE: IT Risk Management

Hi Karen,I've found COBIT to be useful. It helps that they have a Risk specific enabler. I've also ...

KarenY @ 5/14/2018 12:30 PM

RE: IT Risk Management

Hi Karen,I've found COBIT to be useful. It helps that they have a Risk specific enabler. I've also ...

demetri.gittens @ 5/14/2018 8:55 AM

RE: IT Risk Management

Dave56 @ 5/14/2018 7:48 AM

IT Risk Management

KarenY, The Internationals Standards Organisation (ISO) have released an update to their Risk Manag...

KenDoughty @ 5/13/2018 6:41 PM

RE: Sample of a generic Key Risk Indicator for IT

Over all for IT: - MTTD: Mean Time To Detection of Compromise - MTTR: Mean Time To Repair - MRAR: M...

Don Turnblade @ 3/1/2018 11:39 AM

RE: Sample of a generic Key Risk Indicator for IT

From the Cyber Security side I have a few suggestions of directly measurable risk indicators. 1) Th...

Don Turnblade @ 2/22/2018 11:56 AM

RE: Sample of a generic Key Risk Indicator for IT

Hi Sameer, I have to admit that I've not found the development of sample KRIs to be helpful as real...

Michael535 @ 2/20/2018 2:24 PM

RE: Risk analysis - how much constitutes "paralysis"?

Adding to the comments above... * Yes, there is a cost/benefit notion * Yes, it depends on the role...

Brian Barnier @ 1/30/2018 9:47 PM

RE: Risk analysis - how much constitutes "paralysis"?

Concerning Risk Analysis Paralysis.My initial thoughts is that are several considerations:1) What i...

Ricardo443 @ 1/30/2018 6:38 AM

Implementing a GRC tool ...

We are about to embark on a project to install a GRC solution.  Are there any existing checklists t...

AgVball @ 1/10/2017 12:27 AM | Comments (26)

Risk Acceptance

HelloWhen doing an assessment for a new solution or system, and you identify critical, high, med, a...

Elsayed @ 9/8/2015 4:52 AM | Comments (17)

Threats and vulnerabilities

According to one of the answers on a CRISC practice question, vulnerabilities can be reduced but ne...

Hannah656 @ 12/7/2014 7:24 AM | Comments (16)

CRISC Certification

Hello Everyone, I have enrolled myself for CRISC certification in December. In order to prepare mys...

Rohit131 @ 8/31/2014 12:04 AM | Comments (15)

Vendor Risk Management

My company is looking to expand our Vendor Risk Management program and in order to build a business...

Tera075 @ 1/26/2015 11:41 AM | Comments (13)

risk management frameworks

Please can people tell me which risk management frameworks and TOOLS do they use?I.e. NIST, COBIT e...

JayMIET927 @ 8/31/2016 3:17 PM | Comments (12)

Risk Management:setting risk appetite

How do you set the level at which the risk score will not be acceptable to management if higher tha...

Michael043 @ 3/30/2011 8:04 AM | Comments (12)

IT Audit Strategy

Need some guidance here. I've been tasked with getting started on performing some IT Audits of our ...

Carl097 @ 11/5/2014 3:46 PM | Comments (12)

IT Risk and IT Operational Risk

Hello , Can anyone please tell me what is exact difference between IT risk and IT Operational Risk ...

Kapil Dixit @ 10/11/2012 4:22 AM | Comments (11)

How to align between IT Audit, IT Assurance and Information Security(Infosec)

Hello, all. I would really like to get/have your expert view on this title. Lets say in an organisa...

Taty @ 9/11/2012 1:41 AM | Comments (11)

Does Risk Management lead to Corporate Value?

Dear Colleague, I am surveying all professionals who use risk management techniques for a significa...

Ricardo443 @ 8/3/2015 2:46 PM | Comments (10)

IT Risk Management

Hi all,Would like to find out what are the frameworks or standards are your organization aligning t...

KarenY @ 5/11/2018 12:10 PM | Comments (10)

risk assessment

risk assessment

Robeiiiiiiii @ 12/16/2010 2:41 PM | Comments (10)

Risk impact and absence of controls

During a recent risk assessment we had a topic arise regarding the consideration of impact in risk....

Gregory461 @ 6/7/2015 8:42 PM | Comments (10)

Vendor Risk Management

Many companies vet the vendors before they bring them onboard to understand the value as well as th...

Devashish041 @ 10/23/2015 4:20 PM | Comments (10)