Search results


Page title matches

  • ...ess. Risk assessment is [[measurement|measuring]] two quantities of the [[risk]] ''R'', the magnitude of the potential loss ''L'', and the probability ''p :[[image:risk.jpg|thumb|400px|Risk]] ...
    10 KB (1,633 words) - 16:03, 22 December 2007
  • ==Risk Management== ...cepting some or all of the consequences of a particular risk. Traditional risk management focuses on risks stemming from physical or legal causes (e.g. na ...
    43 KB (6,368 words) - 11:22, 4 July 2015

Page text matches

  • '''PO 9.2 Establishment of Risk Context'''<br> ...the internal and external context of each risk assessment, the goal of the assessment and the criteria against which risks are evaluated.<br> ...
    2 KB (317 words) - 20:10, 1 May 2006
  • ...ess that identifies threats, vulnerabilities, and results in a formal risk assessment. ...
    2 KB (294 words) - 14:46, 2 March 2007
  • '''AI 6.2 Impact Assessment, Prioritization and Authorization'''<br> ...ured way for impacts on the operational system and its functionality. This assessment should include categorization and prioritization of changes. Prior to migra ...
    2 KB (346 words) - 20:00, 23 June 2006
  • [[ME1.4:| 1.4 Performance Assessment]]<br> [[ME2.4:| 2.4 Control Self-assessment]]<br> ...
    2 KB (195 words) - 19:06, 14 June 2007
  • ==IT Risk Management Process== ...ent process. Therefore, the ability to mitigate IT risks is dependent upon risk assessments. Senior management should identify, measure, control, and monit ...
    4 KB (528 words) - 16:58, 28 March 2010
  • '''ME 2.4 Control Self-assessment'''<br> ...IT processes, policies and contracts through a continuing program of self-assessment.<br> ...
    2 KB (261 words) - 13:09, 4 May 2006
  • ...ess. Risk assessment is [[measurement|measuring]] two quantities of the [[risk]] ''R'', the magnitude of the potential loss ''L'', and the probability ''p :[[image:risk.jpg|thumb|400px|Risk]] ...
    10 KB (1,633 words) - 16:03, 22 December 2007
  • ::'''1. Risk: The transfer of programs into the live environment is not appropriately co 1. Determine that a risk assessment of the potential impact of changes to system software is performed. ...
    2 KB (303 words) - 19:58, 23 June 2006
  • ::'''9. Risk: Insufficient control over authorization, authentication, nonrepudiation, d 2. Inquire whether management has performed an independent assessment of controls within the past year (e.g., ethical hacking, social engineering ...
    3 KB (360 words) - 17:03, 9 April 2007
  • [[Risk Assessment and Treatment:|'''Risk Assessment and Treatment''']]<br> ==COSO Enterprise Risk Management Framework Domains:== ...
    3 KB (378 words) - 21:27, 18 January 2015
  • '''PO 9.4 Risk Assessment'''<br> ...e methods. The likelihood and impact associated with inherent and residual risk should be determined individually, by category and on a portfolio basis.<br ...
    2 KB (304 words) - 20:21, 1 May 2006
  • ...egrity, confidentiality, and accountability, with a different appetite for risk on the part of management. ...trategies should consider the different risk environment and the degree of risk mitigation necessary to protect the institution in the event the continuity ...
    9 KB (1,274 words) - 00:17, 1 June 2007
  • ...ves and controls themselves, including a structure for risk assessment and risk management<br> ...ulnerability Assessment and Management Policy:|'''Sample ISO Vulnerability Assessment and Management Policy''']]<br> ...
    8 KB (1,063 words) - 13:25, 23 May 2007
  • ...Security Evaluation - Comprehensive information security control and risk assessment guidance for the enterprise demystified. This presentation was offered at t ...s covers security and business risks, anatomy of an attack, and a security risk discussion exercise.<br> ...
    5 KB (653 words) - 12:45, 25 April 2007
  • ::'''1. Risk: Insufficient configuration controls can lead to security and availability :::a. [[SOX.2.0.32:|'''SOX.2.0.32''']] Periodic testing and assessment is performed to confirm that the software and network infrastructure is app ...
    2 KB (288 words) - 18:53, 25 June 2006
  • ...r handling and correction, and formal approval. Based on assessment of the risk of system failure and errors on implementation, the plan should include req '''Risk Association Control Activities:'''<br> ...
    2 KB (322 words) - 17:43, 3 May 2006
  • *4: [[Risk management|Risk assessment and treatment]] - analysis of the organization's information security risks ...to its particular circumstances. (The introduction section outlines a risk assessment process although there are more specific standards covering this area such ...
    6 KB (847 words) - 16:57, 26 March 2007
  • =='''Vulnerability Assessment Standard'''== ...Policy''']] defines objectives for establishing specific standards on the assessment and ongoing management of vulnerabilities.<br> ...
    11 KB (1,433 words) - 14:11, 1 May 2010
  • '''PO 1.3 Assessment of Current Performance'''<br> '''Risk Association Control Activities:'''<br> ...
    4 KB (586 words) - 01:37, 1 May 2006
  • ::'''1. Risk: Business requirements are not met or third parties have inappropriate acce ...efore selection, potential third parties are properly qualified through an assessment of their capability to deliver the required service and a review of their f ...
    2 KB (317 words) - 18:30, 14 June 2006
  • ...dance with the defined acceptance plan and based on an impact and resource assessment that includes performance sizing in a separate test environment by an indep '''Risk Association Control Activities:'''<br> ...
    3 KB (497 words) - 14:57, 23 June 2006
  • ...ore broadly-focused of these two fields, IA consists more of the strategic risk management of information systems rather than the creation and application ...of the threats' impact and the probability of their occurring is the total risk to the information asset. ...
    7 KB (983 words) - 10:41, 15 April 2012
  • ...ablished in the Asset Protection Policy, Acceptable Use Policy, and Threat Assessment and Monitoring Policy.<br> ...port the objectives established in the Asset Protection Policy, and Threat Assessment and Monitoring Policy.<br> ...
    8 KB (1,023 words) - 17:25, 24 October 2006
  • =='''Sample Threat Assessment Standard'''== ...Policy''']] defines objectives for establishing specific standards on the assessment and ongoing monitoring of threats to Company information assets.<br> ...
    8 KB (1,149 words) - 14:09, 1 May 2010
  • '''ME 1.4 Performance Assessment'''<br> '''Risk Association Control Activities:'''<br> ...
    2 KB (263 words) - 12:37, 4 May 2006
  • ::'''(B)''' an assessment (made on the basis of the results of the testing) of compliance with—<br> ...ny information security vulnerability in such system commensurate with the risk and in accordance with all applicable laws.<br> ...
    4 KB (682 words) - 19:17, 3 June 2010
  • [[PO1.3:| 1.3 Assessment of Current Performance]]<br> [[PO4.8:| 4.8 Responsibility for Risk, Security and Compliance]]<br> ...
    4 KB (517 words) - 19:07, 14 June 2007
  • Identify and initiate remedial actions based on the performance monitoring, assessment and reporting. This includes follow-up of all monitoring, reporting and ass '''Risk Association Control Activities:'''<br> ...
    2 KB (284 words) - 12:41, 4 May 2006
  • ...Policy''']] defines objectives for establishing specific standards on the assessment and ongoing management of vulnerabilities.<br> ...le Vulnerability Assessment and Management Policy:|'''Sample Vulnerability Assessment and Management Policy''']], and provides specific instructions and requirem ...
    9 KB (1,122 words) - 14:12, 1 May 2010
  • '''Risk Association Control Activities:''' ::'''1. Risk: Insufficient configuration controls can lead to security and availability ...
    3 KB (429 words) - 18:55, 25 June 2006
  • * Periodic assessments of risk, including the magnitude of harm that could result from the unauthorized ac * Policies and procedures that are based on risk assessments, cost-effectively reduce information security risks to an accep ...
    9 KB (1,252 words) - 19:19, 19 April 2010
  • * Specifications based on a thorough risk assessment, that considers appropriate algorithm selections, key management and other ...ntrol the installation of software on operational systems, to minimize the risk of interruptions in or corruption of information services.<br> ...
    9 KB (1,170 words) - 14:05, 22 May 2007
  • '''Risk Association Control Activities:'''<br> ::'''1. Risk: Controls provide reasonable assurance that the systems are appropriately t ...
    10 KB (1,393 words) - 14:28, 23 June 2006
  • ...ly used where the impact of a change could have severe [[Risk_management | risk]] and or financial consequence. Typical examples from the computer and comp ...'''IMPACT ASSESSMENT'''. The IMPACT ASSESSOR or ASSESSORS then make their risk analysis and make a judgment on who should carry out the Change, typically ...
    3 KB (533 words) - 14:15, 23 April 2010
  • Optimize the investment, use and allocation of IT assets through regular assessment, making sure that IT has sufficient, competent and capable resources to exe '''Risk Association Control Activities:'''<br> ...
    2 KB (329 words) - 13:34, 4 May 2006
  • ...ess needs, patch management and upgrade strategies, risks, vulnerabilities assessment and security requirements.<br> '''Risk Association Control Activities:'''<br> ...
    6 KB (819 words) - 13:54, 23 June 2006
  • '''Risk Association Control Activities:'''<br> ...s and security staff, and specialist skills in areas such as insurance and risk management.<br> ...
    3 KB (470 words) - 13:39, 6 March 2007
  • Translate business information requirements, IT configuration, information risk action plans and information security culture into an overall IT security p '''Risk Association Control Activities:''' ...
    10 KB (1,333 words) - 17:44, 25 June 2006
  • # [[IT risk management#Risk assessment|Risk assessment]] ...ering this area such as [[ISO/IEC 27005]]. The use of information security risk analysis to drive the selection and implementation of information security ...
    8 KB (1,111 words) - 10:30, 15 April 2012
  • ...critical activities by the end of the business day could present systemic risk. The agencies believe that many, if not most, of the 15-20 major banks and :* Risk assessment ...
    5 KB (705 words) - 13:42, 30 May 2007
  • ...upport the institution’s technology needs, the ultimate responsibility and risk rests with the institution. Financial institutions are required under the 5 ...ey are maintaining those controls when indicated by the institution’s risk assessment ...
    6 KB (829 words) - 19:14, 17 April 2007
  • ::'''(B)''' an assessment (made on the basis of the results of the testing) of compliance with—<br> ...ny information security vulnerability in such system commensurate with the risk and in accordance with all applicable laws.<br> ...
    4 KB (634 words) - 13:00, 4 June 2010
  • ...ionally, the degree of internal access granted to some users increases the risk of accidental damage or loss of information and systems.<br> '''Risk exposures from internal users include:''' ...
    10 KB (1,327 words) - 12:54, 10 April 2007
  • * Proposing methodologies and processes (e.g., risk assessment) subject to management approval<br> * A risk assessment to identify any requirements for specific controls, taking into account cha ...
    8 KB (996 words) - 12:49, 22 May 2007
  • ...ct and secure operation of information processing facilities; minimize the risk of systems failures; protect the integrity of software and information; mai ...lan should address the budget, periodic board reporting, and the status of risk management controls.<br> ...
    19 KB (2,609 words) - 13:51, 23 May 2007
  • ...ertificates. Certification involves a multistage process with a number of assessment visits. After the initial certification activities and issue of a certific ...beginners guide but describes the overall processes, its relationship with risk management and reasons for an organization to implement along with the bene ...
    7 KB (1,040 words) - 10:48, 27 October 2012
  • ==Transaction or Operations Risk== ...risk exists in each product and service offered. The level of transaction risk is affected by the structure of the institution’s processing environment, i ...
    11 KB (1,523 words) - 10:04, 28 April 2007
  • ...nformation_Security_Audit | audit]] activities, such as control and [[risk assessment]]s, on a more frequent basis. Technology plays a key role in continuous aud ...hile there are alternatives to ITAM, it is widely held that it is the best assessment application available and seamlessly supports the former continuous auditin ...
    15 KB (2,212 words) - 17:29, 19 February 2015
  • ...process, access to a credit report is critical for a lender to make a risk assessment. Because a credit freeze effectively stops any access to the credit report, ...ue a loan in the borrower's name. Hence, credit freezing should reduce the risk that loans or credit cards will be issued fraudulently. Credit freezes do h ...
    4 KB (663 words) - 12:59, 12 November 2011
  • ...that identifies threats, and vulnerabilities, and results in a formal risk assessment.]]<br> ...ntrol.jpg]][[PCI-12.7:|PCI-12.7 Screen potential employees to minimize the risk of attacks from internal sources.]]<br> ...
    7 KB (988 words) - 19:11, 7 July 2006