Search results
Jump to navigation
Jump to search
Page title matches
- ...risk management method is in the context of project management, security, risk analysis, industrial processes, financial portfolios, actuarial assessments ...of the risk, and accepting some or all of the consequences of a particular risk. ...27 KB (4,185 words) - 23:45, 10 March 2010
- ==Risk Mitigation== ...esholds and parameters. While not a control, insurance can be an effective risk mitigation tool. Management should balance controls against business operat ...655 bytes (85 words) - 19:15, 17 April 2007
- ==Risk Analysis== Risk analysis is a technique to identify and assess factors that may jeopardize ...1 KB (215 words) - 18:32, 13 April 2007
- ...ess. Risk assessment is [[measurement|measuring]] two quantities of the [[risk]] ''R'', the magnitude of the potential loss ''L'', and the probability ''p :[[image:risk.jpg|thumb|400px|Risk]] ...10 KB (1,633 words) - 16:03, 22 December 2007
- ==IT Risk Management Process== ...ent process. Therefore, the ability to mitigate IT risks is dependent upon risk assessments. Senior management should identify, measure, control, and monit ...4 KB (528 words) - 16:58, 28 March 2010
- 193 bytes (24 words) - 10:57, 16 March 2010
- ==Risk Management== ...cepting some or all of the consequences of a particular risk. Traditional risk management focuses on risks stemming from physical or legal causes (e.g. na ...43 KB (6,368 words) - 11:22, 4 July 2015
- [[File:Risk-Calculator-Flowchart-Generic-MDP-2013122401.jpg]] ...3 KB (411 words) - 12:27, 16 October 2014
- 2 KB (382 words) - 20:24, 27 February 2008
- ...anized, systematic approach, you can approach risk management effectively. Risk simply put is the negative impact to business assets by the exercise of vul ...am for a commercial enterprise, the processes of calculating the cost of a risk exposure and what the appropriate costs of mitigating those risks should be ...23 KB (3,630 words) - 10:19, 27 October 2012
- '''Sustainable Risk Reduction Through Information Security Process Awareness Test Template.'''< ...by <Your Company Name> to gauge and promote end-user awareness of managing risk with the use of security processes.<br> ...2 KB (305 words) - 17:31, 3 August 2006
- '''Sustainable Risk Reduction Through Information Security Process Awareness Test Template.'''< ...by <Your Company Name> to gauge and promote end-user awareness of managing risk with the use of security processes.<br> ...2 KB (309 words) - 17:34, 3 August 2006
Page text matches
- ==Risk Analysis== Risk analysis is a technique to identify and assess factors that may jeopardize ...1 KB (215 words) - 18:32, 13 April 2007
- ==Risk Mitigation== ...esholds and parameters. While not a control, insurance can be an effective risk mitigation tool. Management should balance controls against business operat ...655 bytes (85 words) - 19:15, 17 April 2007
- '''ME 4.5 Risk Management'''<br> ...sight, and their actual and potential business impact. The enterprise’s IT risk position should be transparent to all stakeholders.<br> ...2 KB (334 words) - 13:36, 4 May 2006
- ...nt]], [[Contingency Plan Testing]], and [[Risk_Assessment_and_Treatment: | Risk Management]]. ...464 bytes (58 words) - 13:24, 30 April 2007
- '''1. Risk: Unauthorized access attempts go unnoticed.'''<br> '''2. Risk: Unauthorized execution of privileged system commands may disrupt business ...6 KB (766 words) - 13:42, 23 June 2006
- '''Sustainable Risk Reduction Through Information Security Process Awareness Test Template.'''< ...by <Your Company Name> to gauge and promote end-user awareness of managing risk with the use of security processes.<br> ...2 KB (305 words) - 17:31, 3 August 2006
- '''Sustainable Risk Reduction Through Information Security Process Awareness Test Template.'''< ...by <Your Company Name> to gauge and promote end-user awareness of managing risk with the use of security processes.<br> ...2 KB (309 words) - 17:34, 3 August 2006
- '''PO 9.1 IT and Business Risk Management Alignment'''<br> ...amework. This includes alignment with the organization’s risk appetite and risk tolerance level.<br> ...3 KB (377 words) - 14:10, 8 August 2006
- '''1. Risk: Unauthorized users might exploit unauthorized access to critical business '''2. Risk: Unnecessary disruptions to business processes or data corruption may occur ...6 KB (729 words) - 13:40, 23 June 2006
- '''1 Risk: Unauthorized access attempts go unnoticed.'''<br> '''2. Risk: Unauthorized execution of privileged system commands may disrupt business ...6 KB (821 words) - 18:11, 28 August 2006
- '''1. Risk: Unauthorized access attempts go unnoticed.'''<br> '''2. Risk: Unauthorized execution of privileged system commands may disrupt business ...6 KB (779 words) - 13:45, 23 June 2006
- '''1. Risk: Unauthorized access attempts go unnoticed.'''<br> '''2. Risk: Unauthorized execution of privileged system commands may disrupt business ...6 KB (816 words) - 13:41, 23 June 2006
- ...tion Through Information Security Process Testing Template:|'''Sustainable Risk Reduction Through Information Security Process Testing Template''']]<br> ...questions can be used to gauge and promote end-user awareness of managing risk with the use of security processes.<br> ...2 KB (289 words) - 16:08, 3 August 2006
- '''PO 9.2 Establishment of Risk Context'''<br> ...comes. This includes determining the internal and external context of each risk assessment, the goal of the assessment and the criteria against which risks ...2 KB (317 words) - 20:10, 1 May 2006
- '''1. Risk: Unauthorized access attempts go unnoticed.'''<br> '''2. Risk: Unauthorized execution of privileged system commands may disrupt business ...7 KB (901 words) - 13:44, 23 June 2006
- '''1 Risk: Unauthorized access attempts go unnoticed.'''<br> '''2. Risk: Unauthorized execution of privileged system commands may disrupt business ...7 KB (895 words) - 13:44, 23 June 2006
- '''1. Risk: Unauthorized access attempts go unnoticed.'''<br> '''2. Risk: Unauthorized execution of privileged system commands may disrupt business ...7 KB (901 words) - 13:43, 23 June 2006
- ...selection and design of the layout of a site should take into account the risk associated with natural and man-made disasters, while considering relevant '''Risk Association Control Activities:'''<br> ...2 KB (350 words) - 18:15, 5 May 2006
- '''Risk Association Control Activities:'''<br> ::'''1. Risk: Job schedules can be easily ignored or circumvented, resulting in processi ...3 KB (467 words) - 18:39, 5 May 2006
- ==IT Risk Management Process== ...ent process. Therefore, the ability to mitigate IT risks is dependent upon risk assessments. Senior management should identify, measure, control, and monit ...4 KB (528 words) - 16:58, 28 March 2010
- '''Risk Association Control Activities:''' ...ot meet business, compliance and regulatory needs of the business inducing risk.'''<br> ...3 KB (408 words) - 16:10, 25 June 2006
- '''Risk Association Control Activities:'''<br> ::'''1. Risk: Computer equipment may be compromised by accidental damage.''' ...2 KB (267 words) - 18:29, 5 May 2006
- '''Risk Association Control Activities:'''<br> ...ot meet business, compliance and regulatory needs of the business inducing risk.'''<br> ...4 KB (517 words) - 18:12, 21 June 2006
- '''Risk Association Control Activities:'''<br> ::'''1. Risk: Computer equipment may be compromised by accidental damage.''' ...2 KB (268 words) - 15:01, 8 May 2006
- '''Risk Association Control Activities:'''<br> ::'''1. Risk: Development and maintenance of system with potential impact to financial r ...4 KB (583 words) - 12:06, 23 June 2006
- ==Risk Association Control Activities:== ...ot meet business, compliance and regulatory needs of the business inducing risk.'''<br> ...3 KB (366 words) - 18:00, 25 April 2007
- ...a classification, the organization’s information security architecture and risk profile. Issues to consider include access rights and privilege management, '''Risk Association Control Activities:'''<br> ...3 KB (374 words) - 15:05, 3 May 2006
- '''PO 9.4 Risk Assessment'''<br> ...e methods. The likelihood and impact associated with inherent and residual risk should be determined individually, by category and on a portfolio basis.<br ...2 KB (304 words) - 20:21, 1 May 2006
- ==AI 1.2 Risk Analysis Report== ==Risk Association Control Activities:== ...2 KB (269 words) - 23:52, 14 June 2007
- '''PO 9.5 Risk Response'''<br> ...fits and select responses that constrain residual risks within the defined risk tolerance levels.<br> ...5 KB (738 words) - 20:24, 1 May 2006
- '''PO 4.8 Responsibility for Risk, Security and Compliance'''<br> ...ity issues. Obtain direction from senior management on the appetite for IT risk and approval of any residual IT risks.<br> ...3 KB (370 words) - 18:04, 1 May 2006
- '''Risk Association Control Activities:'''<br> ::'''1. Risk: Controls provide reasonable assurance that policies and procedures that de ...3 KB (471 words) - 12:32, 23 June 2006
- '''PO 9.6 Maintenance and Monitoring of a Risk Action Plan'''<br> Prioritize and plan the control activities at all levels to implement the risk responses identified as necessary, including identification of costs, benef ...2 KB (325 words) - 01:16, 2 May 2006
- '''PO 10.9 Project Risk Management'''<br> '''Risk Association Control Activities:'''<br> ...3 KB (403 words) - 12:37, 23 June 2006
- ==Risk Association Control Activities:== ::'''1. Risk: Conflicting access credential may violate confidentiality, [[Privacy | pri ...3 KB (362 words) - 23:55, 14 June 2007
- ==Risk Association Control Activities:== ::'''1. Risk: Operational failures may not be identified and resolved in an appropriate, ...2 KB (297 words) - 18:35, 25 April 2007
- ...requirements regarding delivery of value from IT investments, appetite for risk, integrity, ethical values, staff competence, accountability and responsibi '''Risk Association Control Activities:'''<br> ...4 KB (580 words) - 18:00, 23 June 2006
- ...ot meet business, compliance and regulatory needs of the business inducing risk.'''<br> ...2 KB (295 words) - 15:33, 25 June 2006
- ::'''1. Risk: The transfer of programs into the live environment is not appropriately co 1. Determine that a risk assessment of the potential impact of changes to system software is perform ...2 KB (303 words) - 19:58, 23 June 2006
- ...tion processing. Without an adequate infrastructure, there is an increased risk that financial reporting applications will not be able to pass data between '''Risk Association Control Activities:'''<br> ...4 KB (496 words) - 17:26, 21 June 2006
- '''Risk Association Control Activities:'''<br> ::'''1. Risk: The transfer of programs into the live environment may not be appropriatel ...3 KB (432 words) - 13:02, 23 June 2006
- '''Risk Association Control Activities:'''<br> ::'''1. Risk: Security and business continuity risks are introduced by technical designs ...3 KB (436 words) - 14:30, 4 May 2006
- '''Risk Association Control Activities:'''<br> ::'''1. Risk: Security and business continuity risks are introduced by technical designs ...3 KB (442 words) - 13:59, 23 June 2006
- ...ot meet business, compliance and regulatory needs of the business inducing risk.'''<br> ...2 KB (291 words) - 16:02, 25 June 2006
- '''Risk Association Control Activities:'''<br> ::'''1. Risk: Controls provide reasonable assurance that policies and procedures that de ...5 KB (700 words) - 18:07, 23 June 2006
- ...process that identifies threats, vulnerabilities, and results in a formal risk assessment. ...2 KB (294 words) - 14:46, 2 March 2007
- '''Risk Association Control Activities:'''<br> ::'''1. Risk: Development and maintenance of system with potential impact to financial r ...4 KB (524 words) - 15:03, 25 June 2006
- '''Risk Association Control Activities:'''<br> ::'''1. Risk: Information security and business requirements may be compromised. Inaccur ...3 KB (460 words) - 16:08, 21 June 2006
- '''Risk Association Control Activities:'''<br> ::'''1. Risk: Controls provide reasonable assurance that the systems are appropriately t ...3 KB (396 words) - 14:02, 23 June 2006
- ...nce against key project criteria (e.g., scope, schedule, quality, cost and risk); identify any deviations from plan; assess their impact on the project and '''Risk Association Control Activities:'''<br> ...3 KB (368 words) - 02:03, 2 May 2006
- '''Risk Association Control Activities:'''<br> ...ot meet business, compliance and regulatory needs of the business inducing risk.'''<br> ...3 KB (459 words) - 17:56, 21 June 2006
- ...ess. Risk assessment is [[measurement|measuring]] two quantities of the [[risk]] ''R'', the magnitude of the potential loss ''L'', and the probability ''p :[[image:risk.jpg|thumb|400px|Risk]] ...10 KB (1,633 words) - 16:03, 22 December 2007
- ==Risk Association Control Activities:== ...2 KB (272 words) - 18:05, 25 April 2007
- '''Risk Association Control Activities:'''<br> ::'''1. Risk: Financial systems fail due to a lack of operational procedures being execu ...4 KB (550 words) - 14:34, 1 May 2006
- '''Risk Association Control Activities:'''<br> ::'''1. Risk: Security and business continuity risks are introduced by technical designs ...3 KB (394 words) - 17:12, 22 March 2007
- '''Risk Association Control Activities:'''<br> ::'''1. Risk: Conflicting access credential may violate confidentiality, privacy, or pos ...3 KB (382 words) - 18:02, 3 May 2006
- ==Risk Association Control Activities:== ...2 KB (270 words) - 18:10, 25 April 2007
- '''Risk Association Control Activities:'''<br> ::'''1. Risk: Business requirements are not met or inadequately tested. Systems produce ...3 KB (394 words) - 11:59, 23 June 2006
- ==Risk Association Control Activities:== ...2 KB (278 words) - 18:21, 25 April 2007
- ...capacity forecasting of IT resources at regular intervals to minimize the risk of service disruptions due to insufficient capacity or performance degradat '''Risk Association Control Activities:'''<br> ...3 KB (490 words) - 13:42, 4 May 2006
- ...iness Security Evaluation - Comprehensive information security control and risk assessment guidance for the enterprise demystified. This presentation was o ...s covers security and business risks, anatomy of an attack, and a security risk discussion exercise.<br> ...5 KB (653 words) - 12:45, 25 April 2007
- '''Risk Association Control Activities:'''<br> ::'''1. Risk: Security and business continuity risks are introduced by technical designs ...3 KB (497 words) - 14:57, 23 June 2006
- '''Risk Association Control Activities:'''<br> ::'''1. Risk: Lost data could significantly impact financial reporting.''' ...5 KB (721 words) - 11:49, 28 March 2008
- '''Risk Association Control Activities:'''<br> ::'''1. Risk: Operational failures may not be identified and resolved in an appropriate, ...2 KB (275 words) - 18:47, 5 May 2006
- ==Risk Association Control Activities:== ...2 KB (303 words) - 18:16, 25 April 2007
- '''Risk Association Control Activities:'''<br> ::'''1. Risk: Security incidents and incompliance with information security procedures m ...4 KB (601 words) - 15:01, 8 August 2006
- Translate business information requirements, IT configuration, information risk action plans and information security culture into an overall IT security p '''Risk Association Control Activities:''' ...10 KB (1,333 words) - 17:44, 25 June 2006
- '''Risk Association Control Activities:'''<br> ::'''1. Risk: Controls provide reasonable assurance that the systems are appropriately t ...3 KB (436 words) - 12:51, 23 June 2006
- '''Risk Association Control Activities:'''<br> ::'''1. Risk: Systems do not meet business needs because not all business functional and ...4 KB (510 words) - 13:54, 1 May 2006
- * Assignment of responsibility for remediation (can include risk acceptance).<br> '''Risk Association Control Activities:'''<br> ...2 KB (286 words) - 13:05, 4 May 2006
- '''Risk Association Control Activities:'''<br> ::'''1. Risk: Mission critical data is not available to restart applications due to syst ...2 KB (294 words) - 14:52, 4 May 2006
- ...dures in this booklet assist examiners in evaluating financial institution risk management processes to ensure effective information technology (IT) manage ...s an essential component of effective corporate governance and operational risk management.<br> ...5 KB (645 words) - 18:03, 27 April 2007
- '''Risk Association Control Activities:'''<br> ::'''1. Risk: Design and implementation of new applications may not be appropriately con ...3 KB (424 words) - 17:01, 21 June 2006
- ==Risk Association Control Activities:== ...2 KB (290 words) - 17:49, 25 April 2007
- ::'''1. Risk: Without an adequate infrastructure, there is an increased risk that financial reporting applications will not be able to pass data between ...3 KB (364 words) - 17:41, 21 June 2006
- '''Risk Association Control Activities:'''<br> ::'''1. Risk: Financial systems fail due to a lack of operational procedures being execu ...3 KB (427 words) - 17:58, 1 May 2006
- '''Risk Association Control Activities:'''<br> ::'''1. Risk: Controls provide reasonable assurance that the systems are appropriately t ...3 KB (428 words) - 14:05, 23 June 2006
- '''Risk Association Control Activities:'''<br> ::'''1. Risk: Production processes and associated controls operate as intended and suppo ...3 KB (421 words) - 18:02, 23 June 2006
- '''Risk Association Control Activities:'''<br> ::'''1. Risk: The impact of application system changes (e.g., hardware and software) sho ...3 KB (425 words) - 13:19, 23 June 2006
- [[Risk Assessment and Treatment:|'''Risk Assessment and Treatment''']]<br> ==COSO Enterprise Risk Management Framework Domains:== ...3 KB (378 words) - 21:27, 18 January 2015
- '''Risk Association Control Activities:'''<br> ::'''1. Risk: Production processes and associated controls operate as intended and suppo ...3 KB (420 words) - 14:06, 8 August 2006
- '''Risk Association Control Activities:'''<br> ::'''1. Risk: Users may have inappropriate access to the application system.'''<br> ...2 KB (307 words) - 15:06, 3 May 2006
- '''Risk Association Control Activities:'''<br> ::'''1. Risk: Security incidents and incompliance with information security procedures m ...2 KB (303 words) - 17:36, 5 May 2006
- '''Risk Association Control Activities:'''<br> ...ot meet business, compliance and regulatory needs of the business inducing risk.'''<br> ...6 KB (870 words) - 18:08, 21 June 2006
- '''Risk Association Control Activities:'''<br> ::'''1. Risk: Employees, including individuals with special security responsibilities (s ...3 KB (442 words) - 18:58, 1 May 2006
- '''Risk Association Control Activities:'''<br> ::*PCI.12.7: Screen potential employees to minimize the risk of attacks from internal sources. ...2 KB (312 words) - 18:19, 3 May 2006
- '''Risk Association Control Activities:'''<br> ::'''1. Risk: Third party processors create unacceptable control risks to the Company.'' ...2 KB (321 words) - 15:35, 25 June 2006
- '''Risk Association Control Activities:'''<br> ::'''1. Risk: Business requirements are not met or inadequately tested. Systems produce ...4 KB (594 words) - 19:50, 25 June 2006
- '''Risk Association Control Activities:''' ::'''1. Risk: Lapses in the continuity of application systems may prevent an organizatio ...4 KB (522 words) - 20:12, 25 June 2006
- ==Risk Association Control Activities:== ::'''1. Risk: Segregation of duties may be compromised and unauthorized activity may occ ...4 KB (591 words) - 19:45, 14 June 2007
- '''Risk Association Control Activities:'''<br> ...ot meet business, compliance and regulatory needs of the business inducing risk.'''<br> ...5 KB (674 words) - 18:14, 21 June 2006
- '''DS 2.3 Supplier Risk Management'''<br> ...l business standards in accordance with legal and regulatory requirements. Risk management should further consider non-disclosure agreements (NDA), escrow ...7 KB (958 words) - 16:01, 25 June 2006
- ...ot meet business, compliance and regulatory needs of the business inducing risk.'''<br> ...3 KB (385 words) - 16:14, 25 June 2006
- '''1. Risk: Controls provide reasonable assurance that the systems are appropriately t ...709 bytes (91 words) - 13:46, 23 June 2006
- '''Risk Association Control Activities:'''<br> ::'''1. Risk: Systems do not meet business needs because not all business functional and ...3 KB (446 words) - 16:36, 1 May 2006
- '''Risk Association Control Activities:'''<br> ::'''1. Risk: IT function does not meet the organizational needs. ''' ...3 KB (456 words) - 17:15, 15 February 2007
- '''Risk Association Control Activities:'''<br> ::'''1. Risk: Security incidents and incompliance with information security procedures m ...2 KB (327 words) - 13:18, 4 May 2006
- '''Risk Association Control Activities:'''<br> ::'''1. Risk: New program developments and/or changes may be made that are unnecessary o ...2 KB (338 words) - 13:45, 6 March 2007
- '''Risk Association Control Activities:'''<br> ::'''1. Risk: Operational failures may not be identified and resolved in an appropriate, ...2 KB (324 words) - 14:50, 4 May 2006
- '''PO 6.2 Enterprise IT Risk and Internal Control Framework'''<br> '''Risk Association Control Activities:'''<br> ...2 KB (331 words) - 18:47, 1 May 2006
- '''Risk Association Control Activities:'''<br> ::'''1. Risk: Business needs may not be met or adequate data safeguards may not be imple ...5 KB (699 words) - 19:59, 25 June 2006
- '''Risk Association Control Activities:'''<br> ::'''1. Risk: Users may have inappropriate access to the application system.'''<br> ...2 KB (330 words) - 18:17, 1 May 2006
- '''Risk Association Control Activities:'''<br> ::'''1. Risk: In-House and or Package applications may not meet all business and applica ...6 KB (878 words) - 13:34, 23 June 2006
- '''Risk Association Control Activities:'''<br> ::'''1. Risk: Security and business continuity risks are introduced by technical designs ...2 KB (323 words) - 15:09, 3 May 2006
- '''Risk Association Control Activities:'''<br> ::'''1. Risk: Security incidents and incompliance with information security procedures m ...2 KB (340 words) - 17:40, 5 May 2006
- '''Risk Association Control Activities:'''<br> ::'''1. Risk: Controls provide reasonable assurance that the systems are appropriately t ...6 KB (819 words) - 13:54, 23 June 2006
- '''Risk Association Control Activities:'''<br> ::'''1. Risk: The transfer of programs into the live environment is not appropriately co ...2 KB (346 words) - 20:00, 23 June 2006
- '''Risk Association Control Activities:'''<br> ::'''1. Risk: IT function does not meet the organizational needs.'''<br> ...2 KB (338 words) - 19:03, 17 April 2007
- ...r handling and correction, and formal approval. Based on assessment of the risk of system failure and errors on implementation, the plan should include req '''Risk Association Control Activities:'''<br> ...2 KB (322 words) - 17:43, 3 May 2006
- '''Risk Association Control Activities:'''<br> ...product. Where additional functionality is supplied and causes a security risk, this should be disabled or the proposed control structure should be review ...5 KB (649 words) - 18:23, 5 May 2006
- '''Risk Association Control Activities:'''<br> ::'''1. Risk: nformation security and business requirements may be compromised. Inaccura ...4 KB (506 words) - 20:00, 25 June 2006
- ...Motion In Limine: An Effective Procedural Device With No Material Downside Risk, 16 New Eng LR 171 (1981); Graham, Evidence and Trial Advocacy Workshop: Ru ...740 bytes (110 words) - 12:25, 28 February 2009
- ...xecutives, business units, individual users, suppliers, security officers, risk managers, the corporate compliance group, outsourcers and offsite managemen '''Risk Association Control Activities:'''<br> ...2 KB (342 words) - 18:20, 1 May 2006
- '''Risk Association Control Activities:'''<br> ::'''1. Risk: A project that does not meet business requirements for internal controls a ...3 KB (367 words) - 16:28, 21 June 2006
- '''Risk Association Control Activities:'''<br> ::'''1. Risk: Financial systems fail due to a lack of operational procedures being execu ...2 KB (351 words) - 17:03, 21 June 2006
- '''Risk Association Control Activities:'''<br> ::'''1. Risk: Business requirements are not met or inadequately tested. Systems produce ...3 KB (365 words) - 19:02, 17 April 2007
- :* Insurance cannot adequately cover the reputation and compliance risk related to customer relationships and privacy. :* Third-party risk from companies responsible for security of financial institution systems or ...3 KB (469 words) - 13:30, 10 April 2007
- '''Risk Association Control Activities:'''<br> ::'''1. Risk: Terminated entities create unacceptable control risks to the Company.'''<b ...3 KB (366 words) - 16:39, 26 June 2006
- '''Risk Association Control Activities:'''<br> ::'''1. Risk: Controls provide reasonable assurance that the systems are appropriately t ...10 KB (1,393 words) - 14:28, 23 June 2006
- * Risk and compliance with regulations.<br> '''Risk Association Control Activities:'''<br> ...3 KB (362 words) - 12:33, 4 May 2006
- '''Risk Association Control Activities:''' ::'''1. Risk: Insufficient configuration controls can lead to security and availability ...4 KB (506 words) - 18:44, 25 June 2006
- '''Risk Association Control Activities:'''<br> ::'''1. Risk: Security incidents and incompliance with information security procedures m ...2 KB (351 words) - 13:57, 4 May 2006
- '''Risk Association Control Activities:'''<br> ::'''1. Risk: IT function does not meet the organizational needs.'''<br> ...3 KB (356 words) - 17:11, 1 May 2006
- '''Risk Association Control Activities:'''<br> ::'''1. Risk: Business requirements are not met or inadequately tested. Systems produce ...4 KB (501 words) - 18:24, 25 June 2006
- ==Areas of risk== ...4 KB (588 words) - 17:23, 26 March 2007
- ...y-generated processes; [[It-governance | governance]], [[Risk_management | risk]], and [[compliance]] activities; management reviews, and Microsoft Solutio ...tegrated approach to IT service management activities through the use of [[risk management]], [[Change_control | change management]], and controls. It also ...3 KB (461 words) - 14:19, 23 April 2010
- '''Risk Association Control Activities:''' ::'''1. Risk: Controls provide reasonable assurance that policies and procedures that de ...4 KB (537 words) - 13:57, 23 June 2006
- '''Risk Association Control Activities:'''<br> ::'''1. Risk: Business requirements are not met or inadequately tested. Systems produce ...4 KB (530 words) - 11:58, 23 June 2006
- '''Risk Association Control Activities:'''<br> ...product. Where additional functionality is supplied and causes a security risk, this should be disabled or the proposed control structure should be review ...5 KB (730 words) - 19:05, 17 April 2007
- '''Risk Association Control Activities:'''<br> ::'''1. Risk: IT function does not meet the organizational needs.'''<br> ...3 KB (397 words) - 13:28, 4 May 2006
- '''Risk Association Control Activities:'''<br> ::'''1. Risk: Information security and business requirements may be compromised. Inaccur ...6 KB (804 words) - 12:14, 23 June 2006
- ...upport the institution’s technology needs, the ultimate responsibility and risk rests with the institution. Financial institutions are required under the 5 ...at they are maintaining those controls when indicated by the institution’s risk assessment ...6 KB (829 words) - 19:14, 17 April 2007
- [[PO4.8:| 4.8 Responsibility for Risk, Security and Compliance]]<br> [[PO6.2:| 6.2 Enterprise IT Risk and Internal Control Framework]]<br> ...4 KB (517 words) - 19:07, 14 June 2007
- '''Risk Association Control Activities:'''<br> ::'''1. Risk: In-House and or Package applications may not meet all business and applica ...3 KB (390 words) - 12:10, 23 June 2006
- '''Risk Association Control Activities:'''<br> ::'''1. Risk: Information security and business requirements may be compromised. Inaccur ...6 KB (863 words) - 13:12, 23 June 2006
- '''Risk Association Control Activities:'''<br> ::'''1. Risk: IT function does not meet the organizational needs.'''<br> ...3 KB (393 words) - 17:18, 1 May 2006
- '''Risk Association Control Activities:'''<br> ::'''1. Risk: The transfer of programs into the live environment may not be appropriatel ...3 KB (377 words) - 14:55, 1 May 2006
- '''Risk Association Control Activities:'''<br> ::'''1. Risk: Security and business continuity risks are introduced by technical designs ...4 KB (538 words) - 13:16, 23 June 2006
- ...including financial worth, the risk of not delivering a capability and the risk of not realizing the expected benefits.<br> ==Risk Association Control Activities:== ...6 KB (847 words) - 17:21, 25 April 2007
- ...ore broadly-focused of these two fields, IA consists more of the strategic risk management of information systems rather than the creation and application ...of the threats' impact and the probability of their occurring is the total risk to the information asset. ...7 KB (983 words) - 10:41, 15 April 2012
- ...critical activities by the end of the business day could present systemic risk. The agencies believe that many, if not most, of the 15-20 major banks and :* Risk assessment ...5 KB (705 words) - 13:42, 30 May 2007
- '''Risk Association Control Activities:'''<br> ::'''1. Risk: Controls provide reasonable assurance that policies and procedures that de ...3 KB (432 words) - 12:23, 23 June 2006
- ==Transaction or Operations Risk== ...risk exists in each product and service offered. The level of transaction risk is affected by the structure of the institution’s processing environment, i ...11 KB (1,523 words) - 10:04, 28 April 2007
- '''Risk Association Control Activities:''' ::'''1. Risk: Insufficient configuration controls can lead to security and availability ...3 KB (429 words) - 18:55, 25 June 2006
- ...egrity, confidentiality, and accountability, with a different appetite for risk on the part of management. ...trategies should consider the different risk environment and the degree of risk mitigation necessary to protect the institution in the event the continuity ...9 KB (1,274 words) - 00:17, 1 June 2007
- '''Risk Association Control Activities:'''<br> ::'''1. Risk: Security incidents and incompliance with information security procedures m ...3 KB (451 words) - 17:52, 5 May 2006
- ::'''4. Risk: Poorly serviced systems do not deliver as required and financial informati ::'''4. Risk: Poorly serviced systems do not deliver as required and financial informati ...4 KB (520 words) - 15:27, 25 June 2006
- ...tion seeks to control its business risk rather than the client's portfolio risk. [[Category:Risk]] ...4 KB (607 words) - 18:29, 16 February 2007
- '''Risk Association Control Activities:''' ::'''1. Risk: Users may have inappropriate access to the application system.'''<br> ...5 KB (666 words) - 15:23, 25 June 2006
- *4: [[Risk management|Risk assessment and treatment]] - analysis of the organization's information sec ...iate to its particular circumstances. (The introduction section outlines a risk assessment process although there are more specific standards covering this ...6 KB (847 words) - 16:57, 26 March 2007
- ...ted as much information about the case as possible. This will minimize the risk that the client will become uncooperative and resentful of the attorney bef ...1 KB (227 words) - 13:31, 22 February 2009
- '''Risk Association Control Activities:'''<br> ...1 KB (146 words) - 17:19, 7 June 2006
- ...ask the client what he or she thinks is the most rational decision. If the risk is great, and the punishment that can be bargained for is light, the client ...3 KB (603 words) - 17:57, 22 February 2009
- '''(1)''' provides information security protections commensurate with the risk and magnitude of the harm resulting from the unauthorized access, use, disc ...709 bytes (103 words) - 10:41, 2 June 2010
- '''(1)''' provides information security protections commensurate with the risk and magnitude of the harm resulting from the unauthorized access, use, disc ...709 bytes (103 words) - 21:02, 3 June 2010
- '''Risk Association Control Activities:'''<br> ::'''1. Risk: Controls provide reasonable assurance that the systems are appropriately t ...3 KB (475 words) - 13:09, 23 June 2006
- * Specifications based on a thorough risk assessment, that considers appropriate algorithm selections, key management ...ntrol the installation of software on operational systems, to minimize the risk of interruptions in or corruption of information services.<br> ...9 KB (1,170 words) - 14:05, 22 May 2007
- '''Risk Association Control Activities:'''<br> ::'''1. Risk: Third party processors create unacceptable control risks to the Company.'' ...6 KB (846 words) - 13:52, 4 May 2006
- '''Risk Association Control Activities:'''<br> ::'''1. Risk: Incidents or problems affecting financial processes are not identified res ...8 KB (1,177 words) - 19:00, 25 June 2006
- ...ny information security vulnerability in such system commensurate with the risk and in accordance with all applicable laws.<br> ...fect information security. Such protections shall be commensurate with the risk and comply with all applicable laws and regulations.<br> ...4 KB (634 words) - 13:00, 4 June 2010
- '''Risk Association Control Activities:'''<br> ...s and security staff, and specialist skills in areas such as insurance and risk management.<br> ...3 KB (470 words) - 13:39, 6 March 2007
- [[ME4.5:| 4.5 Risk Management]]<br> ...2 KB (195 words) - 19:06, 14 June 2007
- ...dards) that are needed to create, implement, and maintain a best practice, risk management-based information security program.<br> ...dards) that are needed to create, implement, and maintain a best practice, risk management-based Information Security Program.<br> ...5 KB (705 words) - 11:39, 30 May 2015
- ::'''6. Risk: Lost data could significantly impact financial reporting.''' ...2 KB (268 words) - 19:59, 25 June 2006
- '''1. Risk: Insufficient controls over processing accuracy by a third-party service pr ...2 KB (285 words) - 18:35, 14 June 2006
- '''Risk Association Control Activities:'''<br> ::'''1. Risk: Security incidents and incompliance with information security procedures m ...4 KB (548 words) - 14:21, 4 May 2006
- ::'''1. Risk: Business requirements are not met or third parties have inappropriate acce ...2 KB (297 words) - 14:38, 13 June 2006
- ::'''1. Risk: Business requirements are not met or third parties have inappropriate acce ...2 KB (297 words) - 18:29, 13 June 2006
- ::'''11. Risk: Insufficient control over authorization, authentication, nonrepudiation, d ...2 KB (287 words) - 18:08, 25 June 2006
- ...ny information security vulnerability in such system commensurate with the risk and in accordance with all applicable laws.<br> ...fect information security. Such protections shall be commensurate with the risk and comply with all applicable laws and regulations.<br> ...4 KB (682 words) - 19:17, 3 June 2010
- ::'''4. Risk: Lost data could significantly impact financial reporting.''' ...2 KB (280 words) - 19:58, 25 June 2006
- '''Risk Association Control Activities:'''<br> ::'''1. Risk: Development and maintenance of system with potential impact to financial r ...7 KB (975 words) - 16:57, 9 April 2007
- ::'''1. Risk: Incidents or problems affecting financial processes are not identified res ...2 KB (279 words) - 19:02, 25 June 2006
- ::'''4. Risk: Problems and/or incidents are not properly responded to, recorded, resolve ...2 KB (277 words) - 19:21, 25 June 2006
- ::'''2. Risk: Lost data could significantly impact financial reporting.''' ...2 KB (274 words) - 19:44, 25 June 2006
- ::'''1. Risk: Insufficient configuration controls can lead to security and availability ...2 KB (288 words) - 18:53, 25 June 2006
- ::'''7. Risk: Insufficient control over authorization, authentication, nonrepudiation, d ...2 KB (292 words) - 17:47, 25 June 2006
- '''Risk Association Control Activities:'''<br> '''Risk Association Control Activities:'''<br> ...4 KB (544 words) - 17:11, 5 May 2006
- ::'''4. Risk: Insufficient control over authorization, authentication, nonrepudiation, d ...2 KB (289 words) - 17:19, 25 June 2006
- '''Risk Association Control Activities:'''<br> ::'''1. Risk: Ongoing operations, problem resolution, an future application maintenance ...6 KB (781 words) - 12:31, 23 June 2006
- ::'''1. Risk: Business requirements are not met or third parties have inappropriate acce ...2 KB (294 words) - 18:21, 14 June 2006
- Data security theory seeks to establish uniform risk-based requirements for the protection of data elements. To ensure that the ...extent of risk mitigation, and not the procedure or tool used to mitigate risk. ...9 KB (1,246 words) - 18:20, 10 April 2007
- '''Risk Association Control Activities:'''<br> ...2 KB (235 words) - 17:48, 5 May 2006
- ::'''5. Risk: Lost data could significantly impact financial reporting.''' ...2 KB (304 words) - 19:56, 25 June 2006
- ...ontrols is low, or as many as 76 program change documents, if the level of risk initially identified from the responses to the questionnaire was determined ...ed based upon the level of inherent risk and the intended level of control risk applied against the compliance sample size table contained in Part 3 of the ...8 KB (1,155 words) - 20:14, 25 June 2006
- ::'''2. Risk: Insufficient configuration controls can lead to security and availability ...2 KB (314 words) - 18:27, 25 June 2006
- ...lly and updated as needed to reflect changes to business objectives or the risk environment. ...2 KB (296 words) - 14:47, 2 March 2007
- ::'''3. Risk: lapses in the continuity of application systems may prevent an organizatio ...2 KB (301 words) - 20:18, 25 June 2006
- ::'''2. Risk: Third party service providers are not qualified, and are incapable of deli ...2 KB (302 words) - 15:57, 25 June 2006
- ::'''2. Risk: Lapses in the continuity of application systems may prevent an organizatio ...2 KB (301 words) - 20:16, 25 June 2006
- * Periodic assessments of risk, including the magnitude of harm that could result from the unauthorized ac * Policies and procedures that are based on risk assessments, cost-effectively reduce information security risks to an accep ...9 KB (1,252 words) - 19:19, 19 April 2010
- ::'''1. Risk: Insufficient controls over processing accuracy by a third-party service pr ...2 KB (302 words) - 18:12, 14 June 2006
- ...pproved, cost effective, business enhancing changes (fixes) - with minimum risk to IT infrastructure. The goal of Change Management is to ensure that stand ...raising and recording of changes, assessing the impact, cost, benefit and risk of proposed changes, developing business justification and obtaining approv ...4 KB (588 words) - 16:23, 21 March 2007
- '''Risk Association Control Activities:'''<br> ...2 KB (233 words) - 13:37, 4 May 2006
- '''Risk Association Control Activities:'''<br> ...2 KB (243 words) - 14:06, 5 May 2006
- ::'''3. Risk: Problems and/or incidents are not properly responded to, recorded, resolve ...2 KB (297 words) - 19:19, 25 June 2006
- ...licies and standards) that are needed to create, implement, and maintain a risk management-based Information Security Program that complies with SOX Sectio ...1 KB (204 words) - 13:03, 14 July 2006
- ::'''5. Risk: Unapproved application changes negatively impact business processing or ma ...2 KB (305 words) - 14:32, 23 June 2006
- '''Risk Association Control Activities:'''<br> ...2 KB (240 words) - 19:34, 4 May 2006
- '''Risk Association Control Activities:'''<br> ...level of logging required for individual systems should be determined by a risk assessment, taking performance degradation into account.<br> ...4 KB (586 words) - 01:37, 1 May 2006
- ::'''1. Risk: Business requirements are not met or third parties have inappropriate acce ...2 KB (317 words) - 18:30, 14 June 2006
- '''Risk Association Control Activities:'''<br> ...2 KB (244 words) - 17:51, 5 May 2006
- ::'''1. Risk: Business requirements are not met or third parties have inappropriate acce ...2 KB (306 words) - 18:32, 14 June 2006
- ::'''1. Risk: Third party processors create unacceptable control risks to the Company.'' ...2 KB (295 words) - 15:40, 25 June 2006
- ::'''1. Risk: Lapses in the continuity of application systems may prevent an organizatio ...2 KB (315 words) - 20:11, 25 June 2006
- '''Risk Association Control Activities:'''<br> ...2 KB (247 words) - 17:11, 5 May 2006
- ::'''8. Risk: Insufficient control over authorization, authentication, nonrepudiation, d ...2 KB (315 words) - 17:54, 25 June 2006
- ::'''3. Risk: Insufficient control over authorization, authentication, nonrepudiation, d ...2 KB (317 words) - 17:15, 25 June 2006
- ::'''12. Risk: Insufficient control over authorization, authentication, nonrepudiation, d ...2 KB (321 words) - 18:12, 25 June 2006
- '''Risk Association Control Activities:'''<br> ...2 KB (249 words) - 18:44, 5 May 2006
- '''Risk Association Control Activities:'''<br> ...2 KB (252 words) - 13:19, 4 May 2006
- ::'''1. Risk: Up-to-date backups of programs and data may not be available when needed.' ...3 KB (335 words) - 14:05, 26 February 2007
- ::'''2. Risk: Problems and/or incidents are not properly responded to, recorded, resolve ...2 KB (325 words) - 19:12, 25 June 2006
- ::'''1. Risk: Insufficient configuration controls can lead to security and availability ...2 KB (315 words) - 18:38, 25 June 2006
- * The risk of losing sensitive information ...961 bytes (140 words) - 22:16, 15 March 2010
- ::'''4. Risk: Insufficient control over authorization, authentication, nonrepudiation, d ...2 KB (305 words) - 17:36, 25 June 2006
- '''Risk Association Control Activities:'''<br> ...2 KB (264 words) - 18:14, 1 May 2006
- :::'''10. Risk: Insufficient control over authorization, authentication, nonrepudiation, d ...2 KB (321 words) - 18:06, 25 June 2006
- '''Risk Association Control Activities:'''<br> ...2 KB (250 words) - 20:02, 1 May 2006
- '''Risk Association Control Activities:'''<br> ...2 KB (248 words) - 17:50, 5 May 2006
- ::'''1. Risk: Insufficient control over authorization, authentication, nonrepudiation, d ...3 KB (351 words) - 16:49, 25 June 2006
- :'''Screen potential employees to minimize the risk of attacks from internal sources.'''<br> ...2 KB (319 words) - 20:10, 2 March 2007
- '''Risk Association Control Activities:'''<br> ...2 KB (261 words) - 13:09, 4 May 2006
- ::'''2. Risk: Insufficient configuration controls can lead to security and availability ...2 KB (324 words) - 18:46, 25 June 2006
- '''Risk Association Control Activities:'''<br> ...2 KB (261 words) - 13:14, 4 May 2006
- '''Risk Association Control Activities:'''<br> ...2 KB (258 words) - 14:48, 5 May 2006
- '''Risk Association Control Activities:'''<br> ...2 KB (263 words) - 12:37, 4 May 2006
- '''Risk Association Control Activities:'''<br> ...2 KB (267 words) - 12:35, 4 May 2006
- '''Risk Association Control Activities:'''<br> ...2 KB (270 words) - 18:42, 5 May 2006
- '''Risk Association Control Activities:'''<br> ...2 KB (272 words) - 13:18, 4 May 2006
- '''Risk Association Control Activities:'''<br> ...2 KB (268 words) - 19:33, 1 May 2006
- ::'''4. Risk: Lost data could significantly impact financial reporting.''' ...2 KB (313 words) - 19:39, 25 June 2006
- '''Risk Association Control Activities:'''<br> ...2 KB (273 words) - 18:04, 3 May 2006
- '''7. Risk: Unidentifiable users may compromise critical business processes and data.' ...3 KB (356 words) - 17:48, 28 June 2006
- '''Risk Association Control Activities:'''<br> ...2 KB (280 words) - 20:06, 1 May 2006
- '''Risk Association Control Activities:'''<br> ...2 KB (273 words) - 20:01, 1 May 2006
- '''Risk Association Control Activities:'''<br> ...2 KB (281 words) - 01:30, 2 May 2006
- '''Risk Association Control Activities:'''<br> ...2 KB (274 words) - 13:47, 6 March 2007
- '''Risk Association Control Activities:'''<br> ...2 KB (271 words) - 13:16, 4 May 2006
- ::'''1. Risk: Business needs may not be met or adequate data safeguards may not be imple ...3 KB (341 words) - 16:17, 21 June 2006
- '''Risk Association Control Activities:'''<br> ...2 KB (277 words) - 17:41, 3 May 2006
- '''Risk Association Control Activities:'''<br> ...2 KB (264 words) - 17:42, 5 May 2006
- '''Risk Association Control Activities:'''<br> ...2 KB (289 words) - 13:11, 4 May 2006
- '''Risk Association Control Activities:'''<br> ...2 KB (291 words) - 13:41, 6 March 2007
- ...cification of a requirement, but has sufficiently mitigated the associated risk. See the PCI DSS Glossary for the full definition of compensating controls. ...ensating controls may be considered. Only companies that have undertaken a risk analysis and have legitimate technological or documented business constrain ...8 KB (1,208 words) - 17:00, 9 April 2007
- '''Risk Association Control Activities:'''<br> ...2 KB (299 words) - 19:17, 22 June 2006
- '''Risk Association Control Activities:'''<br> ...2 KB (289 words) - 12:56, 4 May 2006
- Risk Management.<br> ...2 KB (318 words) - 16:08, 3 August 2006
- '''''Risk Management.'''''<br> ...2 KB (322 words) - 16:10, 3 August 2006
- '''Risk Association Control Activities:'''<br> ...2 KB (281 words) - 17:31, 5 May 2006