Search results
Jump to navigation
Jump to search
Page title matches
- ...ess. Risk assessment is [[measurement|measuring]] two quantities of the [[risk]] ''R'', the magnitude of the potential loss ''L'', and the probability ''p :[[image:risk.jpg|thumb|400px|Risk]] ...10 KB (1,633 words) - 16:03, 22 December 2007
- ==Risk Management== ...cepting some or all of the consequences of a particular risk. Traditional risk management focuses on risks stemming from physical or legal causes (e.g. na ...43 KB (6,368 words) - 11:22, 4 July 2015
Page text matches
- '''PO 9.2 Establishment of Risk Context'''<br> ...the internal and external context of each risk assessment, the goal of the assessment and the criteria against which risks are evaluated.<br> ...2 KB (317 words) - 20:10, 1 May 2006
- ...ess that identifies threats, vulnerabilities, and results in a formal risk assessment. ...2 KB (294 words) - 14:46, 2 March 2007
- '''AI 6.2 Impact Assessment, Prioritization and Authorization'''<br> ...ured way for impacts on the operational system and its functionality. This assessment should include categorization and prioritization of changes. Prior to migra ...2 KB (346 words) - 20:00, 23 June 2006
- [[ME1.4:| 1.4 Performance Assessment]]<br> [[ME2.4:| 2.4 Control Self-assessment]]<br> ...2 KB (195 words) - 19:06, 14 June 2007
- ==IT Risk Management Process== ...ent process. Therefore, the ability to mitigate IT risks is dependent upon risk assessments. Senior management should identify, measure, control, and monit ...4 KB (528 words) - 16:58, 28 March 2010
- '''ME 2.4 Control Self-assessment'''<br> ...IT processes, policies and contracts through a continuing program of self-assessment.<br> ...2 KB (261 words) - 13:09, 4 May 2006
- ...ess. Risk assessment is [[measurement|measuring]] two quantities of the [[risk]] ''R'', the magnitude of the potential loss ''L'', and the probability ''p :[[image:risk.jpg|thumb|400px|Risk]] ...10 KB (1,633 words) - 16:03, 22 December 2007
- ::'''1. Risk: The transfer of programs into the live environment is not appropriately co 1. Determine that a risk assessment of the potential impact of changes to system software is performed. ...2 KB (303 words) - 19:58, 23 June 2006
- ::'''9. Risk: Insufficient control over authorization, authentication, nonrepudiation, d 2. Inquire whether management has performed an independent assessment of controls within the past year (e.g., ethical hacking, social engineering ...3 KB (360 words) - 17:03, 9 April 2007
- [[Risk Assessment and Treatment:|'''Risk Assessment and Treatment''']]<br> ==COSO Enterprise Risk Management Framework Domains:== ...3 KB (378 words) - 21:27, 18 January 2015
- '''PO 9.4 Risk Assessment'''<br> ...e methods. The likelihood and impact associated with inherent and residual risk should be determined individually, by category and on a portfolio basis.<br ...2 KB (304 words) - 20:21, 1 May 2006
- ...egrity, confidentiality, and accountability, with a different appetite for risk on the part of management. ...trategies should consider the different risk environment and the degree of risk mitigation necessary to protect the institution in the event the continuity ...9 KB (1,274 words) - 00:17, 1 June 2007
- ...ves and controls themselves, including a structure for risk assessment and risk management<br> ...ulnerability Assessment and Management Policy:|'''Sample ISO Vulnerability Assessment and Management Policy''']]<br> ...8 KB (1,063 words) - 13:25, 23 May 2007
- ...Security Evaluation - Comprehensive information security control and risk assessment guidance for the enterprise demystified. This presentation was offered at t ...s covers security and business risks, anatomy of an attack, and a security risk discussion exercise.<br> ...5 KB (653 words) - 12:45, 25 April 2007
- ::'''1. Risk: Insufficient configuration controls can lead to security and availability :::a. [[SOX.2.0.32:|'''SOX.2.0.32''']] Periodic testing and assessment is performed to confirm that the software and network infrastructure is app ...2 KB (288 words) - 18:53, 25 June 2006
- ...r handling and correction, and formal approval. Based on assessment of the risk of system failure and errors on implementation, the plan should include req '''Risk Association Control Activities:'''<br> ...2 KB (322 words) - 17:43, 3 May 2006
- *4: [[Risk management|Risk assessment and treatment]] - analysis of the organization's information security risks ...to its particular circumstances. (The introduction section outlines a risk assessment process although there are more specific standards covering this area such ...6 KB (847 words) - 16:57, 26 March 2007
- =='''Vulnerability Assessment Standard'''== ...Policy''']] defines objectives for establishing specific standards on the assessment and ongoing management of vulnerabilities.<br> ...11 KB (1,433 words) - 14:11, 1 May 2010
- '''PO 1.3 Assessment of Current Performance'''<br> '''Risk Association Control Activities:'''<br> ...4 KB (586 words) - 01:37, 1 May 2006
- ::'''1. Risk: Business requirements are not met or third parties have inappropriate acce ...efore selection, potential third parties are properly qualified through an assessment of their capability to deliver the required service and a review of their f ...2 KB (317 words) - 18:30, 14 June 2006