CRISC REVIEW MANUAL 2015
Introduction to IT Risk Management
- Risk is defined as the combination of the probability of an event and its consequence.
- Often, risk is seen as an adverse event that can threaten an organization’s assets or exploit vulnerabilities and cause harm.
- Several factors are considered when evaluating risk, such as:
  - the mission of the organization
  - assets
  - threat
  - vulnerability
  - likelihood and impact.
Governance and Risk Management
- Governance is the accountability for protection of the assets of an organization.
- Over the past decade, the term “governance” has moved to the forefront of business thinking in response to examples demonstrating the importance of good governance and, on the other end of the scale, global business mishaps.
- The corporate governance of IT is the system by which the current and future use of IT is evaluated, directed and controlled.
- Value creation is comprised of benefits realization, risk optimization and resource optimization.
- Risk optimization is, therefore, an essential part of any governance system and cannot be seen in isolation from benefits realization or resource optimization.
- Governance answers four questions:
  - Are we doing the right things?
  - Are we doing them the right way?
  - Are we getting them done well?
  - Are we getting the benefits?
- There is a clear distinction between governance and management.
- Management focuses on planning, building, running and monitoring within the directions set by the governance system to create value by achieving objectives.
- Risk management foresees the challenges to achieving these objectives and attempts to lower the chances and impacts of them occurring.
- Exhibit 0.1 provides an overview of the risk governance structure.
- Effective risk governance helps ensure that risk management practices are embedded in the enterprise, enabling it to secure optimal risk-adjusted return.
- Risk governance has four main objectives:
  1. Establish and maintain a common risk view.
  2. Integrate risk management into the enterprise.
  3. Make risk-aware business decisions.
  4. Ensure that risk management controls are implemented and operating correctly.
The Context of IT Risk Management
- Risk management is defined as the coordinated activities to direct and control an enterprise with regard to risk.
- In simple terms, risk can be considered as a challenge to achieving objectives.
- Therefore, risk management can be considered as the activity undertaken to foresee challenges and lower the chances of those challenges occurring and their impact.
- Effective risk management can also assist in maximizing opportunities.
- Risk management starts with understanding the organization, but the organization is mostly a servant of the environment, or context, in which it operates.
- Assessing the organization’s context includes evaluating the intent and capability of threats; the relative value of, and trust required in, assets; and the respective relationship of vulnerabilities that threats could exploit to intercept, modify or fabricate data in information assets.
- The strategy of the organization will drive the individual lines of business that make up the organization, and each line of business will develop information systems that support its business function.
- Exhibit 0.3 illustrates how IT risk relates to the overall risk of the organization.
- IT risk management is a cyclical process, as shown in exhibit 0.4.
- The first step in the IT risk management process is the identification of IT risk, which includes determining the risk context and risk framework, and the process of identifying and documenting risk.
- The risk identification effort should result in the listing and documentation of risk.
- This step aligns with the next phase of the IT risk management process: IT risk assessment.
- The effort to assess risk, including the prioritization of risk, will provide management with the data required for consideration as a key factor in the next phase, risk response and mitigation.
- Risk response and mitigation addresses the risk appetite and tolerance of the organization and the need to find cost-effective ways to address risk.
- The final phase of IT risk management is risk and control monitoring and reporting.
- In this phase, controls and risk management efforts, as well as the current risk state, are monitored and results are reported back to senior management, who will determine the need to return to any of the previous phases of the process.
- The IT risk management process is based on the complete cycle of all the elements.
- A failure to perform any one of the phases in a complete and thorough manner will result in an ineffective risk management process.
- A failure in any step of the cycle may cause a deficiency that will affect the other phases.
- As with all life cycles, the more the risk management life cycle is repeated and continuously improved, the more effective the IT risk management effort will be, and the more consistent the results that will be obtained.
Importance of IT Risk Management
- The benefits of IT risk management include:
  - Better oversight of organizational assets
  - Minimized loss
  - Identification of threats, vulnerabilities and risk
  - Prioritization of risk response efforts
  - Legal and regulatory compliance
  - Increased likelihood of project success
  - Improved performance and the ability to attain business goals
  - Increased confidence of stakeholders
  - Creation of a risk-aware culture
  - Better incident and business continuity management
  - Improved controls
  - Better monitoring and reporting
  - Improved decision making
  - Ability to meet business objectives
Business Risk Versus IT Risk
- Risk is a critical part of business.
- Unless a business is willing to take a risk, it will not be able to realize the benefits associated with that risk.
- However, taking too much risk may lead to an increased likelihood of failure of the business and loss of investment.
- Every business faces the decision of how much risk to take and what opportunities to forego.
- This is a decision that reflects the risk acceptance level of senior management.
Risk and Business Continuity
- IT risk management is closely linked with business continuity, and IT risk assessment is often a precursor to a business impact analysis (BIA).
- In many ways, business continuity starts where risk management ends.
- Through IT risk management, the organization attempts to reduce all IT risk to an acceptable level.
- The risk is that the business continuity plan (BCP) may not be adequate or accurate, thereby leading to a failure to recover effectively from an incident.
IT Risk and Information Security
- Information security is usually based on risk.
- The National Institute of Standards and Technology (NIST) states that an organization must provide risk-based, cost-effective controls.
- The risk practitioner should be able to demonstrate the purpose of each control and explain the reasoning behind the selection and enforcement of the control.
- Control Risk
- Project Risk
- Change Risk
Summary
- This section provided an overview of the areas of IT risk that will be addressed by the risk practitioner.
- There are many variables that a risk practitioner must consider and many decisions that a risk practitioner must make, but the success of the IT risk management effort is usually based on having an organization-wide perspective of the management of risk, following a structured methodology and gathering the correct information.
- It is through the success of the IT risk management effort that a risk practitioner will be able to add value, recommend appropriate controls, and report the status of the risk profile to management and all relevant stakeholders.
Now that you have learned a little bit about CRISC, test yourself with this 16-question multiple choice skills assessment to see what areas you need more help with. All you need to do to start is click the quiz button below.
If you would rather skip the quiz and dive into more detailed material, you can sign up now for our next CRISC class here!
Intro to CRISC and Skills Assessment