Risk IT

Navigating the Five Common Responses to Negative Risk

Retrieved on: Monday, July 26, 2021

Key Points: 
  • The enterprise has the ability, risk maturity, and the appropriate people, processes and technology to execute the chosen risk response option.
  • The enterprise has considered how each risk response option influences the components of risk (loss frequency, loss magnitude and risk velocity).
  • Having an optimized risk response process is essential for helping enterprises manage risk efficiently, says Paul Phillips, CISA, CISM, MBA, ISACA IT Risk Professional Practices Lead.
  • Other available risk resources from ISACA include Risk IT Framework, 2nd Edition and COBIT Focus Area: Information and Technology Risk.

New COBIT Resources Help Organizations Navigate I&T Risk and DevOps

Retrieved on: Thursday, July 15, 2021

Key Points: 
  • Providing business and technology leaders with new tools to support these efforts, COBIT Focus Area: Information and Technology Risk and COBIT Focus Area: DevOps, offer guidance based on COBIT 2019 to optimize governance and management practices for enterprise risk functions and for enterprises implementing DevOps.
  • COBIT Focus Area: Information and Technology Risk demonstrates how COBIT 2019 can be tailored as an information and technology (I&T) framework and system, examining COBIT concepts from an I&T risk perspective and showing how COBIT can be used to design, implement, govern and manage I&T risk capabilities in the enterprise.
  • COBIT Focus Area: DevOps Using COBIT 2019 provides tailored guidance specific to the governance and management system components relevant to DevOps.
  • COBIT Focus Area: Information and Technology Risk also includes examples of I&T risk scenarios, a template for risk register entry, IT risk reporting examples and sample risk maps.

Tactics for Effectively Communicating Cybersecurity Risk to Boards of Directors Outlined in New ISACA Paper

Retrieved on: Wednesday, January 6, 2021

Key Points: 
  • ISACA's new white paper, Reporting Cybersecurity Risk to the Board of Directors, outlines how cybersecurity and risk professionals can effectively communicate with their boards of directors about cybersecurity and its link to business objectives.
  • Reporting Cybersecurity Risk to the Board of Directors provides cybersecurity and risk professionals with a foundational understanding of how boards of directors are structured, as well as offers guidance around how to present cybersecurity as a business issue, including helping boards understand their legal and regulatory obligations, the potential disruption to systems, and risk of data loss and theft.
  • The paper also guides cybersecurity and risk professionals in translating information around threat intelligence, risk identification and scenario analysis, risk management, cyberrisk economics and budgeting in ways that will resonate with leadership.
  • For more information on IT risk, including ISACA's complimentary Risk IT Framework and Risk IT Practitioner Guide, visit www.isaca.org/resources/it-risk.

Prevalent Delivers Industry's Most Comprehensive Third-Party Risk Management Platform

Retrieved on: Monday, February 24, 2020

Key Points: 
  • Prevalent also announced new product options that include unlimited management of vendors, tiering, profiling and inherent risk assessments that enable organizations new to Vendor Risk Management to get up to speed quickly and painlessly.
  • The Prevalent Third-Party Risk Management Platform is a unified solution that combines automated standardized vendor risk assessments, workflow, remediation management and continuous threat monitoring across the entire vendor life cycle to deliver a 360-degree view of vendor risks.
  • The new Prevalent platform has enhanced its API to enable task and risk item management, where customers can create and manage task and risk items via the API.
  • With this capability, customers can easily centrally manage third-party risk management, IT service management activities and other enterprise risk management activities; analyze third-party risk data with other risk data; and reduce the number of log-ins and platforms to manage.