Search results

...luences operational risks (also referred to as transactional risks). These risks include the possibility of loss resulting from inadequate processes, person ...ls and discusses various development, acquisition, and maintenance project risks. Action summaries highlight the primary considerations within each section. ...

:* SP-3; Joint Interagency Issuance on End-User Computing Risks, January 1988 :* SP-8; Interagency Document on EDP Risks in Mergers & Acquisitions, September 1991 ...

...vernment-wide management and oversight of the related information security risks, including coordination of information security efforts throughout the civi ...

...vernment-wide management and oversight of the related information security risks, including coordination of information security efforts throughout the civi ...

...nsider the costs and benefits and select responses that constrain residual risks within the defined risk tolerance levels.<br> ...

Assess on a recurrent basis the likelihood and impact of all identified risks, using qualitative and quantitative methods. The likelihood and impact asso ...

...ported, enforced management policy maximizes the rewards and minimizes the risks of the open-source software model.<br> ...open source or not) will yield unacceptable levels of technical and legal risks for enterprises. Incorporate the following aspects in your open-source poli ...

::'''1. Risk: Third party processors create unacceptable control risks to the Company.'''<br> ...

* Report security events, potential events, or other risks to the organization and its assets<br> ...n(s)/sensitivity(ies) of the information to be accessed, and the perceived risks<br> ...

..., ensuring that the business and IT regularly assess and report IT-related risks and the impact on the business. Make sure IT management follows up on risk ...

...tion. Seek approval for recommended actions and acceptance of any residual risks, and ensure that committed actions are owned by the affected process owner( ...

==E-Banking Risks== Transaction or Operations risks arises from fraud, processing errors, system disruptions, or other unantici ...

...ects technology standards and practices based on their business relevance, risks and compliance with external requirements.<br> ...

...risk assessment, the goal of the assessment and the criteria against which risks are evaluated.<br> ...

::'''1. Risk: Security and business continuity risks are introduced by technical designs incompatible with enterprise standards. ...

...ves have been achieved, deliverables obtained, performance targets met and risks mitigated. Upon review, any deviations from expected performance should be ...

...ves have been achieved, deliverables obtained, performance targets met and risks mitigated. Integrate reporting with similar output from other business func ...

::Do not use scare tactics; give an even-handed presentation of risks. ...

...ountants created two trust services, WebTrust and SysTrust, to address the risks and opportunities of information technology. WebTrust reports provide assur ...e effectiveness of the security process in continually mitigating changing risks. Additionally, the SAS 70 report may not address whether the TSP is meeting ...

...inancial reporting bypass processes for identifying business requirements, risks, and for designing needed controls.'''<br> ...opment, test, and operational facilities should be separated to reduce the risks of unauthorized access or changes to the operational system.<br> ...

...plication security and availability requirements in response to identified risks, in line with data classification, the organization’s information security ...

::'''1. Risk: Security and business continuity risks are introduced by technical designs incompatible with enterprise standards. ...

...mplemented to enable the use of protection profiles and otherwise mitigate risks to data. If protection profiles are not used, the policies should accompl ...ts. Additionally, the devices may be lost or stolen. Mitigation of those risks typically involves encryption of sensitive data, host-provided access contr ...

::'''(C)''' implementing policies and procedures to cost-effectively reduce risks to an acceptable level; and<br> ::'''(B)''' cost-effectively reduce information security risks to an acceptable level;<br> ...

...curity staff should receive ongoing security training that covers emerging risks to sensitive Company information assets and the latest security trends. ...

DIACAP also uses weighted metrics to describe risks and their mitigation. ...

Identify and mitigate risks relating to suppliers’ ability to continue effective service delivery in a :::a. [[SOX.1.24:|'''SOX.1.24''']] Third-party service contracts address the risks, security controls and procedures for information systems and networks in t ...

::'''(C)''' implementing policies and procedures to cost-effectively reduce risks to an acceptable level; and<br> ::'''(B)''' cost-effectively reduce information security risks to an acceptable level;<br> ...

...ute to the enterprise’s strategic objectives (goals) and related costs and risks. It includes how IT will support IT-enabled investment programs and operati ...

::'''1. Risk: Security and business continuity risks are introduced by technical designs incompatible with enterprise standards. ...

::'''1. Risk: Security and business continuity risks are introduced by technical designs incompatible with enterprise standards. ...

...formation Security Program to manage Information Security-related business risks.<br> ...

...re based on risk assessments, cost-effectively reduce information security risks to an acceptable level, and ensure that information security is addressed t ...lying with organizational policies and procedures designed to reduce these risks ...

:* What single points of failure exist and how significant are those risks? ...

::'''2. Risk: Security and business continuity risks are introduced by technical designs incompatible with enterprise standards. ...

...inancial reporting bypass processes for identifying business requirements, risks, and for designing needed controls.'''<br> ...

...ion assurance (IA)''' is the practice of assuring information and managing risks related to the use, processing, storage, and transmission of information or ...fully considered. Thus, the IA practitioner does not seek to eliminate all risks, were that possible, but to manage them in the most [[cost-effective]] way. ...

...der future flexibility for capacity additions, transition costs, technical risks and the lifetime of the investment for technology upgrades. Assess the comp ...

::'''1. Risk: Security and business continuity risks are introduced by technical designs incompatible with enterprise standards. ...

::'''2. Risk: Security and business continuity risks are introduced by technical designs incompatible with enterprise standards. ...

'''1. ISO 17799 6.2.1: The risks to the organization’s information and information processing facilities fro ...to identify any requirements for specific controls. The identification of risks related to external party access should take into account the following iss ...

...that empowers the Program to manage Information Security-related business risks.<br> ...

...inancial reporting bypass processes for identifying business requirements, risks, and for designing needed controls.''' ...

...that empowers the Program to manage Information Security-related business risks.<br> ...

...inancial reporting bypass processes for identifying business requirements, risks, and for designing needed controls.'''<br> ...

...act of unfortunate events or to maximize the realization of opportunities. Risks can come from uncertainty in financial markets, project failures, legal lia ...rder. In practice the process can be very difficult, and balancing between risks with a high probability of occurrence but lower loss versus a risk with hig ...

::'''1. Risk: Security and business continuity risks are introduced by technical designs incompatible with enterprise standards. ...

...education and training to ensure continued awareness, and address emerging risks or topics of interest. Specific instructions and requirements for providing ...

...destruction to physical components. Conceptually, those physical security risks are mitigated through zone-oriented implementations. Zones are physical are ...te preventative and detective controls in each zone to protect against the risks of:<br> ...

...based on a culture that supports value delivery while managing significant risks, encourages cross-divisional co-operation and teamwork, promotes compliance ...