Content Summary: IT Risk Management
One of the most crucial aspects of an Enterprise Risk Management strategy is IT Risk Management. In a more connected world, Information Security is becoming a critical success factor for organisations.
Content Summary: IT Risk Measurement
There are over eighty different risk frameworks for measuring enterprise risk. One of the more popular is COSO, which comes from The Committee of Sponsoring Organizations (COSO) of The Treadway Committee.
Content Summary: Valuation
The Valuation is the estimated value to the organisation of the Asset that is at Risk, sometimes referred to as the Valuation at Risk (VaR).
Content Summary: Threats
The next component to consider is the Threat your Asset faces. Threat is measured as a percentage, ranging from zero percent, implying no threat, to one hundred percent, implying a constant threat.
Content Summary: Countermeasures
Countermeasures are specific actions we put in place to mitigate Threats. For example, we might put in place a Firewall to stop unauthorised access to servers and data within our environment.
Content Summary: Vulnerabilities
Vulnerabilities are weaknesses within your control system. No control system is 100% perfect, 100% of the time. You can have all the IT Security Countermeasures in the world, but if your Users hand over their password and username to any person on the other end of a telephone line claiming to be from the IT Helpdesk, you have a weakness/vulnerability within your system.
Content Summary: IT Risk Calculations
You could calculate your Risk for every IT control. In fact, this Risk calculation is likely to be a significant part of your business case, as it will allow you to calculate the Return on Investment (ROI) you are likely to achieve by implementing the new Countermeasure. However, we can also complete an Enterprise Risk calculation by using industry figures for IT Control Implementation weaknesses.
Copyright © 2012 - All Rights Reserved - CYSEC