Part A: Organizational Governance
Organizational Strategy, Goals and Objectives |
The Context of IT Risk Management |
Organizational Structure |
Organizational Culture |
Policies and Standards |
Business Process Review |
Organizational Assets |
Goals of InfoSec: Confidentiality, Integrity, Availability |
Types of IT-related Business Risk |
RACI (Responsible, Accountable, Consulted, Informed) |
Greatest benefit of a risk-aware culture: Suspected behaviour is reported at the earliest |
Risk Management Concepts |
Access: Unauthorized access resulting in loss of confidentiality |
Key Roles |
Risk Awareness |
Vulnerabilities, Threats, Threat Agents |
Availability: Service/data is not accessible when needed |
|
Prime consideration when developing a risk awareness program: Process owners should be able to understand how risk can impact their process as well as the overall business. |
|
Infrastructure: Inadequate IT infrastructure and systems to effectively support the needs of the business (hardware, networks, software, people and processes) |
|
Best approach when conducting a risk awareness campaign |
Integrity: Incomplete, incorrect or inaccurate data |
Investment/Expense: IT investment fails to provide value commensurate with its cost or is otherwise excessive or wasteful, including the overall IT investment portfolio. |
Project Ownership: IT project failure due to lack of accountability and commitment |
Relevance: The right information may not get to the right recipients at the right time to allow the right action to be taken |
|
|
The Context of IT Risk Management