Search results

Page title matches

  • ...ess. Risk assessment is [[measurement|measuring]] two quantities of the [[risk]] ''R'', the magnitude of the potential loss ''L'', and the probability ''p :[[image:risk.jpg|thumb|400px|Risk]] ...
    10 KB (1,633 words) - 16:03, 22 December 2007
  • ==Risk Management== ...cepting some or all of the consequences of a particular risk. Traditional risk management focuses on risks stemming from physical or legal causes (e.g. na ...
    43 KB (6,368 words) - 11:22, 4 July 2015

Page text matches

  • '''PO 9.2 Establishment of Risk Context'''<br> ...the internal and external context of each risk assessment, the goal of the assessment and the criteria against which risks are evaluated.<br> ...
    2 KB (317 words) - 20:10, 1 May 2006
  • ...ess that identifies threats, vulnerabilities, and results in a formal risk assessment. ...
    2 KB (294 words) - 14:46, 2 March 2007
  • '''AI 6.2 Impact Assessment, Prioritization and Authorization'''<br> ...ured way for impacts on the operational system and its functionality. This assessment should include categorization and prioritization of changes. Prior to migra ...
    2 KB (346 words) - 20:00, 23 June 2006
  • [[ME1.4:| 1.4 Performance Assessment]]<br> [[ME2.4:| 2.4 Control Self-assessment]]<br> ...
    2 KB (195 words) - 19:06, 14 June 2007
  • ==IT Risk Management Process== ...ent process. Therefore, the ability to mitigate IT risks is dependent upon risk assessments. Senior management should identify, measure, control, and monit ...
    4 KB (528 words) - 16:58, 28 March 2010
  • '''ME 2.4 Control Self-assessment'''<br> ...IT processes, policies and contracts through a continuing program of self-assessment.<br> ...
    2 KB (261 words) - 13:09, 4 May 2006
  • ...ess. Risk assessment is [[measurement|measuring]] two quantities of the [[risk]] ''R'', the magnitude of the potential loss ''L'', and the probability ''p :[[image:risk.jpg|thumb|400px|Risk]] ...
    10 KB (1,633 words) - 16:03, 22 December 2007
  • ::'''1. Risk: The transfer of programs into the live environment is not appropriately co 1. Determine that a risk assessment of the potential impact of changes to system software is performed. ...
    2 KB (303 words) - 19:58, 23 June 2006
  • ::'''9. Risk: Insufficient control over authorization, authentication, nonrepudiation, d 2. Inquire whether management has performed an independent assessment of controls within the past year (e.g., ethical hacking, social engineering ...
    3 KB (360 words) - 17:03, 9 April 2007
  • [[Risk Assessment and Treatment:|'''Risk Assessment and Treatment''']]<br> ==COSO Enterprise Risk Management Framework Domains:== ...
    3 KB (378 words) - 21:27, 18 January 2015
  • '''PO 9.4 Risk Assessment'''<br> ...e methods. The likelihood and impact associated with inherent and residual risk should be determined individually, by category and on a portfolio basis.<br ...
    2 KB (304 words) - 20:21, 1 May 2006
  • ...egrity, confidentiality, and accountability, with a different appetite for risk on the part of management. ...trategies should consider the different risk environment and the degree of risk mitigation necessary to protect the institution in the event the continuity ...
    9 KB (1,274 words) - 00:17, 1 June 2007
  • ...ves and controls themselves, including a structure for risk assessment and risk management<br> ...ulnerability Assessment and Management Policy:|'''Sample ISO Vulnerability Assessment and Management Policy''']]<br> ...
    8 KB (1,063 words) - 13:25, 23 May 2007
  • ...Security Evaluation - Comprehensive information security control and risk assessment guidance for the enterprise demystified. This presentation was offered at t ...s covers security and business risks, anatomy of an attack, and a security risk discussion exercise.<br> ...
    5 KB (653 words) - 12:45, 25 April 2007
  • ::'''1. Risk: Insufficient configuration controls can lead to security and availability :::a. [[SOX.2.0.32:|'''SOX.2.0.32''']] Periodic testing and assessment is performed to confirm that the software and network infrastructure is app ...
    2 KB (288 words) - 18:53, 25 June 2006
  • ...r handling and correction, and formal approval. Based on assessment of the risk of system failure and errors on implementation, the plan should include req '''Risk Association Control Activities:'''<br> ...
    2 KB (322 words) - 17:43, 3 May 2006
  • *4: [[Risk management|Risk assessment and treatment]] - analysis of the organization's information security risks ...to its particular circumstances. (The introduction section outlines a risk assessment process although there are more specific standards covering this area such ...
    6 KB (847 words) - 16:57, 26 March 2007
  • =='''Vulnerability Assessment Standard'''== ...Policy''']] defines objectives for establishing specific standards on the assessment and ongoing management of vulnerabilities.<br> ...
    11 KB (1,433 words) - 14:11, 1 May 2010
  • '''PO 1.3 Assessment of Current Performance'''<br> '''Risk Association Control Activities:'''<br> ...
    4 KB (586 words) - 01:37, 1 May 2006
  • ::'''1. Risk: Business requirements are not met or third parties have inappropriate acce ...efore selection, potential third parties are properly qualified through an assessment of their capability to deliver the required service and a review of their f ...
    2 KB (317 words) - 18:30, 14 June 2006
  • ...dance with the defined acceptance plan and based on an impact and resource assessment that includes performance sizing in a separate test environment by an indep '''Risk Association Control Activities:'''<br> ...
    3 KB (497 words) - 14:57, 23 June 2006
  • ...ore broadly-focused of these two fields, IA consists more of the strategic risk management of information systems rather than the creation and application ...of the threats' impact and the probability of their occurring is the total risk to the information asset. ...
    7 KB (983 words) - 10:41, 15 April 2012
  • ...ablished in the Asset Protection Policy, Acceptable Use Policy, and Threat Assessment and Monitoring Policy.<br> ...port the objectives established in the Asset Protection Policy, and Threat Assessment and Monitoring Policy.<br> ...
    8 KB (1,023 words) - 17:25, 24 October 2006
  • =='''Sample Threat Assessment Standard'''== ...Policy''']] defines objectives for establishing specific standards on the assessment and ongoing monitoring of threats to Company information assets.<br> ...
    8 KB (1,149 words) - 14:09, 1 May 2010
  • '''ME 1.4 Performance Assessment'''<br> '''Risk Association Control Activities:'''<br> ...
    2 KB (263 words) - 12:37, 4 May 2006
  • ::'''(B)''' an assessment (made on the basis of the results of the testing) of compliance with—<br> ...ny information security vulnerability in such system commensurate with the risk and in accordance with all applicable laws.<br> ...
    4 KB (682 words) - 19:17, 3 June 2010
  • [[PO1.3:| 1.3 Assessment of Current Performance]]<br> [[PO4.8:| 4.8 Responsibility for Risk, Security and Compliance]]<br> ...
    4 KB (517 words) - 19:07, 14 June 2007
  • Identify and initiate remedial actions based on the performance monitoring, assessment and reporting. This includes follow-up of all monitoring, reporting and ass '''Risk Association Control Activities:'''<br> ...
    2 KB (284 words) - 12:41, 4 May 2006
  • ...Policy''']] defines objectives for establishing specific standards on the assessment and ongoing management of vulnerabilities.<br> ...le Vulnerability Assessment and Management Policy:|'''Sample Vulnerability Assessment and Management Policy''']], and provides specific instructions and requirem ...
    9 KB (1,122 words) - 14:12, 1 May 2010
  • '''Risk Association Control Activities:''' ::'''1. Risk: Insufficient configuration controls can lead to security and availability ...
    3 KB (429 words) - 18:55, 25 June 2006
  • * Periodic assessments of risk, including the magnitude of harm that could result from the unauthorized ac * Policies and procedures that are based on risk assessments, cost-effectively reduce information security risks to an accep ...
    9 KB (1,252 words) - 19:19, 19 April 2010
  • * Specifications based on a thorough risk assessment, that considers appropriate algorithm selections, key management and other ...ntrol the installation of software on operational systems, to minimize the risk of interruptions in or corruption of information services.<br> ...
    9 KB (1,170 words) - 14:05, 22 May 2007
  • '''Risk Association Control Activities:'''<br> ::'''1. Risk: Controls provide reasonable assurance that the systems are appropriately t ...
    10 KB (1,393 words) - 14:28, 23 June 2006
  • ...ly used where the impact of a change could have severe [[Risk_management | risk]] and or financial consequence. Typical examples from the computer and comp ...'''IMPACT ASSESSMENT'''. The IMPACT ASSESSOR or ASSESSORS then make their risk analysis and make a judgment on who should carry out the Change, typically ...
    3 KB (533 words) - 14:15, 23 April 2010
  • Optimize the investment, use and allocation of IT assets through regular assessment, making sure that IT has sufficient, competent and capable resources to exe '''Risk Association Control Activities:'''<br> ...
    2 KB (329 words) - 13:34, 4 May 2006
  • ...ess needs, patch management and upgrade strategies, risks, vulnerabilities assessment and security requirements.<br> '''Risk Association Control Activities:'''<br> ...
    6 KB (819 words) - 13:54, 23 June 2006
  • '''Risk Association Control Activities:'''<br> ...s and security staff, and specialist skills in areas such as insurance and risk management.<br> ...
    3 KB (470 words) - 13:39, 6 March 2007
  • Translate business information requirements, IT configuration, information risk action plans and information security culture into an overall IT security p '''Risk Association Control Activities:''' ...
    10 KB (1,333 words) - 17:44, 25 June 2006
  • # [[IT risk management#Risk assessment|Risk assessment]] ...ering this area such as [[ISO/IEC 27005]]. The use of information security risk analysis to drive the selection and implementation of information security ...
    8 KB (1,111 words) - 10:30, 15 April 2012
  • ...critical activities by the end of the business day could present systemic risk. The agencies believe that many, if not most, of the 15-20 major banks and :* Risk assessment ...
    5 KB (705 words) - 13:42, 30 May 2007
  • ...upport the institution’s technology needs, the ultimate responsibility and risk rests with the institution. Financial institutions are required under the 5 ...ey are maintaining those controls when indicated by the institution’s risk assessment ...
    6 KB (829 words) - 19:14, 17 April 2007
  • ::'''(B)''' an assessment (made on the basis of the results of the testing) of compliance with—<br> ...ny information security vulnerability in such system commensurate with the risk and in accordance with all applicable laws.<br> ...
    4 KB (634 words) - 13:00, 4 June 2010
  • ...ionally, the degree of internal access granted to some users increases the risk of accidental damage or loss of information and systems.<br> '''Risk exposures from internal users include:''' ...
    10 KB (1,327 words) - 12:54, 10 April 2007
  • * Proposing methodologies and processes (e.g., risk assessment) subject to management approval<br> * A risk assessment to identify any requirements for specific controls, taking into account cha ...
    8 KB (996 words) - 12:49, 22 May 2007
  • ...ct and secure operation of information processing facilities; minimize the risk of systems failures; protect the integrity of software and information; mai ...lan should address the budget, periodic board reporting, and the status of risk management controls.<br> ...
    19 KB (2,609 words) - 13:51, 23 May 2007
  • ...ertificates. Certification involves a multistage process with a number of assessment visits. After the initial certification activities and issue of a certific ...beginners guide but describes the overall processes, its relationship with risk management and reasons for an organization to implement along with the bene ...
    7 KB (1,040 words) - 10:48, 27 October 2012
  • ==Transaction or Operations Risk== ...risk exists in each product and service offered. The level of transaction risk is affected by the structure of the institution’s processing environment, i ...
    11 KB (1,523 words) - 10:04, 28 April 2007
  • ...nformation_Security_Audit | audit]] activities, such as control and [[risk assessment]]s, on a more frequent basis. Technology plays a key role in continuous aud ...hile there are alternatives to ITAM, it is widely held that it is the best assessment application available and seamlessly supports the former continuous auditin ...
    15 KB (2,212 words) - 17:29, 19 February 2015
  • ...process, access to a credit report is critical for a lender to make a risk assessment. Because a credit freeze effectively stops any access to the credit report, ...ue a loan in the borrower's name. Hence, credit freezing should reduce the risk that loans or credit cards will be issued fraudulently. Credit freezes do h ...
    4 KB (663 words) - 12:59, 12 November 2011
  • ...that identifies threats, and vulnerabilities, and results in a formal risk assessment.]]<br> ...ntrol.jpg]][[PCI-12.7:|PCI-12.7 Screen potential employees to minimize the risk of attacks from internal sources.]]<br> ...
    7 KB (988 words) - 19:11, 7 July 2006
  • [[AI1.2:| 1.2 Risk Analysis Report]]<br> [[AI6.2:| 6.2 Impact Assessment, Prioritization and Authorization]]<br> ...
    3 KB (341 words) - 19:07, 14 June 2007
  • ...zone. The requirements for each zone should be determined through the risk assessment.<br> '''The risk assessment should include, but is not limited to, the following threats:'''<br> ...
    10 KB (1,485 words) - 14:22, 10 April 2007
  • ...risk management method is in the context of project management, security, risk analysis, industrial processes, financial portfolios, actuarial assessments ...of the risk, and accepting some or all of the consequences of a particular risk. ...
    27 KB (4,185 words) - 23:45, 10 March 2010
  • ...anized, systematic approach, you can approach risk management effectively. Risk simply put is the negative impact to business assets by the exercise of vul ...am for a commercial enterprise, the processes of calculating the cost of a risk exposure and what the appropriate costs of mitigating those risks should be ...
    23 KB (3,630 words) - 10:19, 27 October 2012
  • ...ost and Risk of Complex Matters | Active Management to Reduce the Cost and Risk of Complex Matters]] ...the risk a... | Avoid that feeling of uncertainty: the power to reduce the risk a...]] ...
    16 KB (2,124 words) - 11:06, 16 March 2010
  • ...refers to the formal authorization for system operation and acceptance of risk by an accrediting authority.<br> ::1. Risk Assessment:<br> ...
    16 KB (2,312 words) - 14:14, 1 May 2010
  • ...uidelines''' defines objectives for establishing specific standards on the assessment and ongoing management of wireless technologies utilized for the extension ...refers to the likelihood of loss, damage, or injury to information assets. Risk is present if a threat can exploit an actual vulnerability to adversely imp ...
    8 KB (1,123 words) - 16:01, 2 August 2009
  • '''Risk Association Control Activities:''' ...ot meet business, compliance and regulatory needs of the business inducing risk.'''<br> ...
    21 KB (3,010 words) - 15:52, 25 June 2006
  • ...nvestment practices. Generally speaking, these rules mean that the greater risk to which the bank is exposed, the greater the amount of capital the bank ne # Ensuring that Capital requirement is more risk sensitive; ...
    19 KB (2,934 words) - 21:46, 2 September 2012
  • ==Risk Association Control Activities:== ...s and security staff, and specialist skills in areas such as insurance and risk management.<br> ...
    9 KB (1,301 words) - 16:55, 25 April 2007
  • ...dentify and provide information security protections commensurate with the risk and magnitude of the harm resulting from the unauthorized access, use, disc ::'''(B)''' an assessment of the development, promulgation, and adoption of, and compliance with, sta ...
    4 KB (671 words) - 10:44, 1 June 2010
  • ...hould be allotted into various areas: policy, awareness and training, risk assessment, technology, and process.<br> ...
    6 KB (839 words) - 16:22, 23 April 2007
  • ==Risk Management== ...cepting some or all of the consequences of a particular risk. Traditional risk management focuses on risks stemming from physical or legal causes (e.g. na ...
    43 KB (6,368 words) - 11:22, 4 July 2015
  • ...ports associated with IT. Refer to [[Risk Assessment and Treatment: | Risk Assessment and Treatment]] for more guidance. Audit management should oversee the staf ...intain or improve the efficiency and effectiveness of the institution’s IT risk management, internal controls, and corporate governance.<br> ...
    28 KB (4,089 words) - 14:37, 16 April 2007
  • ...ample Information Security Program Charter''']], the Company will follow a risk management approach to develop and implement Information Security policies, ...intended to address the specific requirements identified via a formal risk assessment. The standard is also intended to provide a guide for the development of or ...
    10 KB (1,314 words) - 18:06, 15 March 2009
  • ...ed return on investment, but also significant risk of noncompliance (legal risk).<br> ...it or commercial-centric) dramatically affect factors such as maturity and risk.<br> ...
    11 KB (1,601 words) - 12:58, 10 April 2007
  • ...ample Information Security Program Charter''']], the Company will follow a risk management approach to develop and implement Information Security policies, ...intended to address the specific requirements identified via a formal risk assessment. The standard is also intended to provide a guide for the development of or ...
    8 KB (1,068 words) - 17:23, 16 October 2009
  • ...n Guidelines defines objectives for establishing specific standards on the assessment and ongoing management of vulnerabilities.<br> ...refers to the likelihood of loss, damage, or injury to information assets. Risk is present if a threat can exploit an actual vulnerability to adversely imp ...
    14 KB (2,165 words) - 16:53, 22 September 2009
  • ...II objectives and procedures provide additional validation as warranted by risk to verify the effectiveness of the institution’s audit function. Tier II qu :1. Review past reports for outstanding issues, previous problems, or high-risk areas with insufficient coverage related to IT. Consider: ...
    32 KB (4,518 words) - 17:53, 11 April 2007
  • :::B. Perform risk assessment:<br> :::F. Conduct independent vulnerability assessment of the system, including the infrastructure and application.<br> ...
    12 KB (1,656 words) - 14:15, 1 May 2010
  • '''Risk Association Control Activities:'''<br> ::'''1. Risk: Business requirements are not met or third parties have inappropriate acce ...
    39 KB (5,914 words) - 17:55, 13 April 2007
  • ...ormation where a reasonable person would consider that there exists a real risk of significant harm to an individual as a result. * An assessment of the risk of harm to individuals as a result of the loss or unauthorized access or di ...
    18 KB (2,700 words) - 16:17, 29 August 2014
  • ...ssues such as auditor independence, corporate governance, internal control assessment, and enhanced financial disclosure. ...relationship, conceivably placing a significant consulting arrangement at risk, damaging the auditing firm's bottom line. ...
    38 KB (5,614 words) - 14:31, 15 April 2010
  • * Intrusion detection and security risk assessment ...ion, possibly filling up your disks. Backup logs periodically to avoid the risk of filling up your disks. The logs should be written to a mount point/direc ...
    18 KB (2,920 words) - 17:59, 18 May 2007
  • ...made in accordance with the Change Control Standard; supporting test, risk assessment, and documentation efforts; and participating in restoration efforts, as re ...
    12 KB (1,684 words) - 14:14, 1 May 2010
  • ...a coverage of compromised business web sites show us that databases are at risk.<br> The risk is so great, in fact, that the world's largest payment networks, Visa and M ...
    28 KB (4,261 words) - 11:45, 28 March 2008
  • ...engineering, system engineering, project management, software maintenance, risk management, system acquisition, information technology (IT), services, busi ...r comparison and as an aid to understanding - for example, for comparative assessment of different organizations where there is something in common that can be u ...
    12 KB (1,863 words) - 11:32, 9 June 2010
  • ...l institutions should review access rights on a schedule commensurate with risk.<br> Depending on the risk associated with the access, authorized internal users should generally rece ...
    78 KB (11,440 words) - 02:00, 10 April 2007
  • ...organizations establish [[Compliance and Ethics Programs]] to minimize the risk that the firm steps outside of ethical and legal boundaries. *oversight and management of risk ...
    29 KB (4,284 words) - 17:19, 20 April 2010
  • ...s highlighted in a 1989 article by Kathleen Eisenhardt ("Agency theory: an assessment and review", Academy of Management Review). ...strategy will largely eliminate individual company financial risk or other risk and, therefore, these investors have even less interest in a particular com ...
    45 KB (6,604 words) - 15:20, 15 April 2010
  • : Guarantees that trades will go through by legally assuming the risk of payments not made or securities not delivered. ...generally flow toward the institution funding the transaction and assuming risk in the process. In a credit card transaction, the interchange fee is paid b ...
    74 KB (11,078 words) - 13:08, 9 April 2007
  • ...ictim, including the cost of responding to an offense, conducting a damage assessment, and restoring the data, program, system, or information to its condition p ...or knowingly and with reckless disregard of a substantial an unjustifiable risk that such transmission will cause damage to or deny usage of such computer ...
    85 KB (12,600 words) - 16:49, 1 March 2009