Category: Network and Security

2012-05-18 04:17:49

Introduction to the Practitioner Guide ..... 7
    Structure of the Document ..... 7
    The Risk IT Process Model ..... 7
    Risk IT Positioning With Respect to COBIT and Val IT ..... 8
    Overview of the Guide—Mapping Against the Process Model ..... 8
1. Defining a Risk Universe and Scoping Risk Management ..... 11
    Risk Universe ..... 11
    Enterprise IT Risk Assessment ..... 12
    Scoping IT Risk Management ..... 14
2. Risk Appetite and Risk Tolerance ..... 15
    Risk Appetite and Risk Tolerance Defined ..... 15
    Risk Appetite ..... 15
    Risk Tolerance ..... 17
3. Risk Awareness, Communication and Reporting ..... 19
    Introduction ..... 19
    Risk Awareness and Communication ..... 19
    Key Risk Indicators and Risk Reporting ..... 22
    Risk Profile ..... 24
    Risk Aggregation ..... 25
    Risk Culture ..... 29
4. Expressing and Describing Risk ..... 31
    Introduction ..... 31
    Expressing Impact in Business Terms ..... 34
    Describing Risk—Expressing Frequency ..... 37
    Describing Risk—Expressing Impact ..... 38
    COBIT Business Goals Mapping With Other Impact Criteria ..... 42
    Risk Map ..... 46
    Risk Register ..... 47
5. Risk Scenarios ..... 51
    Risk Scenarios Explained ..... 51
    Risk Factors ..... 53
    Example Risk Scenarios ..... 57
    Capability Risk Factors in the Risk Analysis Process ..... 69
    Environmental Risk Factors in the Risk Analysis Process ..... 71
6. Risk Response and Prioritisation ..... 75
    Risk Response Options ..... 75
    Risk Response Selection and Prioritisation ..... 77
7. A Risk Analysis Workflow ..... 81
8. Mitigation of IT Risk Using COBIT and Val IT ..... 83
Appendix 1. Risk Concepts in Risk IT vs. Other Standards and Frameworks ..... 111
    Comparison of Major Features ..... 111
Appendix 2. Risk IT and ISO 31000 ..... 113
    ISO 31000 Risk Management—Guidelines on Principles and Implementation of Risk Management ..... 113
Appendix 3. Risk IT and ISO 27005 ..... 117
    ISO/IEC 27005:2008, IT—Security Techniques—Information Security Risk Management ..... 117
Appendix 4. Risk IT and COSO ERM ..... 119
    COSO Enterprise Risk Management—Integrated Framework ..... 119
Appendix 5. Vocabulary Comparisons: Risk IT vs. ISO Guide 73 and COSO ERM ..... 123
    Risk IT and ISO Guide 73 on Risk Management Vocabulary ..... 123
    Risk IT and COSO ERM on Risk Management Vocabulary ..... 125
Appendix 6. Risk IT Glossary ..... 129
List of Figures ..... 131
Other ISACA Publications ..... 133