Free Newsletter
Register for our Free Newsletters
Zones
Access Control
Alarms
Biometrics
Detection
Deutsche Zone (German Zone)
Education, Training and Professional Services
Government Programmes
Guarding, Equipment and Enforcement
Industrial Computing Security
IT Security
Physical Security
Surveillance
View All
Other Carouselweb publications
 
 
 
 
 
 
 
 
News

Risk IT framework comments solicited by IT Governance Institute

IT Governance Institute : 12 February, 2009  (Company News)
The ITGI is seeking feedback and public opinion on the Risk IT framework based on the COBIT IT governance tool set
The nonprofit, independent IT Governance Institute is seeking public comment on its new IT risk framework, which is based on the globally recognized COBIT IT governance tool set. Comments on Enterprise Risk: Identify, Govern and Manage IT Risk: The Risk IT Framework (Risk IT) will be accepted up until the 13 March 2009.

While COBIT (Control Objectives for Information and related Technology) sets good practices for the means of risk management, Risk IT sets good practices for the ends, by providing a framework for enterprises to identify, govern and manage risk.

The Risk IT framework explains IT Risk and will enable users to:

* Integrate the management of IT risk into the overall enterprise Risk Management of the organization
* Make well-informed decisions about the extent of the risk, the risk appetite and the risk tolerance of the enterprise
* Understand how to respond to risk

The Risk IT framework addresses many issues enterprises face today and provides:

* An accurate view of the current and near-future IT-related risks throughout the extended enterprise and the success with which the enterprise is addressing the risks
* End-to-end guidance on how to manage IT-related risks, beyond both purely technical control measures and security
* An understanding of how to capitalize on an investment made in an IT internal control system already in place to manage IT-related risk
* When assessing and managing IT risk, integration with the overall risk and compliance structures within the enterprise
* A common framework/language to help manage the relationship amongst executive decision makers (board/senior management), the chief information officer (CIO) and enterprise risk management, or between auditors and management
* Promotion of risk responsibility and its acceptance throughout the enterprise
* A complete risk profile to better understand risk, so as to better utilize company resources

Risk IT is designed for:

* Top executives and boards of directors who need to set direction and monitor risk at the enterprise level
* Managers of IT and business departments who need to define Risk Management processes
* Risk Management professionals who need specific IT risk guidance
* External stakeholders

The framework has nine business processes divided into three domains: Risk Governance, Risk Evaluation and Risk Response. It also offers management guidelines, RACI (Responsible, Accountable, Consulted and Informed) charts, maturity models and goals and metrics.

As the Risk IT initiative evolves, it will include practitioner guidance, case studies and supporting materials.

Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com