Risk Management

Welcome to the Risk Management topic!

Collaborate, contribute, consume and create knowledge around topics such as Risk Management, Risk Governance, Risk Profile, Governance Risk & Compliance (GRC), & CRISC.

This Topic Has:
2189 Members
1 Online
21139 Visits

Community Leader

Brian Barnier

Badge: Energizer

Mohamed Tawfik

Title: Senior IT Audit Manager

Points: 275

Badge: Lively


Discussions: 148 total

Hello. When doing an assessment for a new solution or system, and you identify critical, high, med, and low vulnerabilities which has posed high risk to the solution. When discussing the risk register with the business and technical owners for remediation’s...
AHMED359 | 9/17/2015 12:40:08 PM | COMMENTS(10)
During a recent risk assessment we had a topic arise regarding the consideration of impact in risk. Generally speaking, most people in the meeting felt impact should be considered as an absence of all controls, including existing controls in the environme...
Gregory461 | 9/4/2015 5:02:54 PM | COMMENTS(10)
Dear Colleague,  I am surveying all professionals who use risk management techniques for a significant part of their practice, senior managers and C-Level Executives for my MBA.  Is Risk Management (RM) a strategic capability? Does it ensure your organi...
Ricardo443 | 8/10/2015 8:07:49 PM | COMMENTS(10)
Greetings people, I am new to ISACA, and I have just done the CISA exam. I would like to ask you to point me to the right howtos/checklists/methods to evaluate the IT Security Management of an Enterprise. To do some of the following: risk managemen...
Zeljko317 | 6/30/2015 3:55:58 AM | COMMENTS(5)
Hope you don't mind me posting in this group about this year's ISACA Ireland conference, which is focusing on placing business first. We would like this conference to be as successful as last year's, which was truly international with 24 speakers from 12 coun...
Neil_Curran | 6/17/2015 5:43:08 AM | COMMENTS(1)
In studying and refining risk management at individual companies and in public workshops, it turns out that a valuable quality of a good manager of risk is the "fix it" spirit. In a throw away world, knowing how to find and fix problems in anything --...
Brian Barnier | 5/27/2015 6:23:13 PM | COMMENTS(4)

Documents & Publications: 106 total

Posted by ISACA 551 days ago
This white paper focuses on common challenges associated with project risk management and presents a practical approach to risk management based on International Risk Management Standards.
Posted by Joseph496 89 days ago

Events & Online Learning: 15 total

14 Oct 2013
ISACA International Event
Boston, MA, USA
6 Nov 2013
ISACA International Event
Las Vegas, NV, USA
North America ISRM features relevant security and risk management topics presented by leading industry experts and practitioners.
11 Aug 2014
ISACA International Event
Seattle, WA, USA

Journal Articles: 268 total

Volume 5, 2015
by Jeimy J. Cano, Ph.D., COBIT Foundation, CFE
Cyberinsurance is a way to account for cyberrisk and considers the new possible business responsibilities arising from operating in an international context.
Volume 5, 2015
by Michele Mosca, Ph.D.
In the Information Age, many of one’s most valuable belongings—finances, medical histories and, to a large extent, identities—are kept safe behind digital deadbolts.
Volume 5, 2015
by Steven J. Ross, CISA, CISSP, MBCP
If you think of cyberattacks as war, which it is in both the figurative and literal senses, make yourself ready to win it.
Volume 5, 2015
by Ganapathi Subramaniam
How do I ensure that my organization has controls to protect itself from cyberrisk?
Volume 5, 2015
by Larry G. Wlosinski, CISA, CISM, CRISC, CAP, CBCP, CDP, CISSP, ITIL V3
Current cyber-related controls and strategies are not acceptable—cybercriminals are getting rich from the hard work of others and the lack of a united cybersecurity front on everyone’s part.
Volume 5, 2015
by Omar Y. Sharkasi, CBCP, CFE, CRP
IT leaders must increase cybersecurity public awareness and coordination across the subset of federal governments, all while having to do more with less.

Wikis: 2 total

Blog Posts: 85 total

It is interesting to note that the Government of India's Department of Engineering and Information Technology has issued National Encryption Policy for public comment.  And today the first addendum for the same has been issued for the people to refer to. ...
Posted By : Mayank | 0 comments
Information Security and IT operations generally do not go hand in hand or I rather make a not so controversial statement that IT Operations Folks generally don't like Information Security Folks for they see the Information security folks to be the Show S...
Posted By : Mayank | 0 comments
One thing I learned early on in dealing with IT security issues at a small financial institution is that some of the client's vendors and service providers actually resort to lying as a way of dodging performing such tasks as patching servers, paying for ...
Posted By : Guy399 | 0 comments
Throughout my career I have experienced various “philosophies” in planning and design of IT projects. Some choose the fire fighter philosophy, while others choose the “agile as an excuse for insufficient design”. On the other end of the scale I have found...
Posted By : John410 | 0 comments
Last weekend over dinner at one of my friend’s place, who is a Mergers & Acquisitions “M&A” Partner with a consulting firm; asked me how would I assess the cyber security related risk of a target acquisition? The question is very relevant in this day and age...
Posted By : Jitendra054 | 0 comments
There are many ways to conduct an audit of the Business Continuity Program (BCP). However, all of them must revolve around 3 key BCP areas, which are: Business Continuity (BC), Disaster Recovery (DR), Crisis Management (CM). These three categories form the basi...
Posted By : Aleksandr754 | 0 comments