ISACA Journal Author Blog

ISACA > Journal > Practically Speaking Blog > Posts > The Key for Evaluating IT Asset, Risk Impact and Control Gap

The Key for Evaluating IT Asset, Risk Impact and Control Gap

Shemlse Gebremedhin Kassa, CISA, CEH
| Published: 6/19/2017 3:43 PM | Category: Risk Management | Permalink | Email this Post | Comments (2)

Shemlse Gebremedhin KassaA previous Journal article I wrote, “Information Systems Security Audit: An Ontological Framework,” briefly describes the security audit activities/process in one hierarchical structure. Now, in my recent Journal article, “IT Asset Valuation, Risk Assessment and Control Implementation Model,” I propose a different model that helps to measure, manage and implement concepts objectively by using the previously proposed ontological framework. The aim of my recent Journal article is to help you quantitatively conduct asset valuation, risk measurement, impact analysis and identification of the existing control gap of the company’s IT resource for a regulatory body, management, auditors and other concerned parties. My colleagues and I challenged to give similar pledge and equal valuation, due to nonexistence of clear and agreed-on models.

In general, the model would enable us to:

  • Quantitatively measure the value of IT assets, risk impact and control implementation gap
  • Facilitate the control follow-up process
  • Use a common base for evaluating, monitoring, reporting and analyzing a risk assessment
  • Realize the required skills of different models and security components
  • Understand how the weight of an IT asset is assigned

The inspiration for my recent Journal article came from what I observed while working as IT and systems auditor. Without a clear and widely accepted risk model, it is challenging to provide a meaningful view of IT asset, risk and control gaps. My article provides an easy model to measure values of IT assets, risk, threat, vulnerability and control quantitatively and objectively for management and owners for the purpose of critical decision making.

Read Shemlse Gebremedhin Kassa’s recent Journal article:
IT Asset Valuation, Risk Assessment and Control Implementation Model,” ISACA Journal, volume 3, 2017.


Missing article

I would love to read your follow up article; I enjoyed the one from 2016 very much.
the 3/2017 journal is not downloadable from the ISACA site as a pdf for some technical reason
the journal app does contain the 3/2017 journal but not your article.

Have you posted it somewhere else?
Inge426 at 12/10/2017 4:42 AM

Mr. Ingeborg

Thank you for your comment, Please find my article now with the same link.
Shemlse173 at 1/2/2018 11:41 PM