RIMS and ISACA Release Joint Report “Bridging the Digital Risk Gap”

All too often, IT and risk management professionals seem to be speaking a different language—that is, if they even speak at all. Bridging the Digital Risk Gap, the new report jointly authored by RIMS, the risk management society®, and ISACA®, promotes understanding, collaboration and communication between these professionals to get the most out of their organizations’ technological investments.

Digital enterprise strategy and execution are emerging as essential horizontal competencies to support business objectives. No longer the sole purview of technical experts, cybersecurity risks and opportunities are now a core component of a business risk portfolio.

Strong collaboration between IT and risk management professionals facilitates strategic alignment of resources and promotes the creation of value across an enterprise.

ISACA’s Risk IT Framework acknowledges and integrates the interaction between the two professional groups by embedding IT practices within enterprise risk management, enabling an organization to secure optimal risk-adjusted return. In viewing digital risk through an enterprise lens, organizations can better realize a broader operational impact and spur improvements in decision-making, collaboration and accountability. In order to achieve optimal value, however, risk management should be a part of technology implementation from a project’s outset and throughout its life cycle. By understanding the technology life cycle, IT and risk management professionals can identify the best opportunities for collaboration among themselves and with other important functional roles.

IT and risk management professionals both employ various tools and strategies to help manage risk. Although the methodologies used by the two groups differ, they are generally designed to achieve similar results. Generally, practitioners from both professions start with a baseline of business objectives and the establishment of context to enable the application of risk-based decision making. By integrating frameworks (such as the NIST Cybersecurity framework and the ANSI RA.1 risk assessment standard), roles and assessment methods, IT and risk management professionals can better coordinate their efforts to address threats and create value.

For example, better coordination of risk assessments allows organizations to improve performance by identifying a broader range of risks and potential mitigations, and ensures that operations are proceeding within acceptable risk tolerances.

It also provides a clearer, more informed picture of an enterprise’s risks, which can help an organization’s board as they make IT funding decisions, along with other business investments. Leveraging the respective assessment techniques also leads to more informed underwriting—and thus improves pricing of insurance programs, terms of coverage, products and services.

Overall, developing clear, common language and mutual understanding can serve as a strong bridge to unite the cultures, bring these two areas together and create significant value along the way.

The report is currently available to RIMS and ISACA members through their respective websites. The report can be downloaded through the RIMS Risk Knowledge library by clicking here or from ISACA at www.isaca.org/digital-risk-gap. For more information about RIMS and to learn about other RIMS publications, educational opportunities, conferences and resources, visit www.RIMS.org. To learn more about ISACA and its resources, visit www.isaca.org.

Do the Risks of Cloud Computing Outweigh Benefits?

The idea of cloud computing, or internet-based computing, has become very popular over the past few years with its innovative cost benefits and efficiency. And as more organizations look to switch from company-owned hardware to per-use service-based models, the benefits of cloud computing have been touted over and over again. But what about the risks?

Well, according to The Information Systems Audit and Control Association (ISACA), many feel the risks of such computing outweigh the benefits. In fact, 45% of those surveyed in ISACA’s first annual IT Risk/Reward Barometer survey feel that way. In addition:

The IT Risk/Reward Barometer found that only 10% of respondents’ organizations plan to use cloud computing for mission-critical IT services and one in four (26%) do not plan to use it for any IT services.

Consistent with this attitude is the appetite for overall IT-related risk in 2010. In the face of continued economic uncertainty and despite the potential to drive greater rewards, more than three-quarters of those surveyed believe that projects should offer the same or lower level of risk in 2010. Similarly, 79% will invest the same amount or only slightly more in risk management and compliance in 2010.

“The cloud represents a major change in how computing resources will be utilized, so it’s not surprising that IT professionals have concerns about risk vs. reward trade-offs,” says Robert Stroud, international vice president of ISACA and vice president of IT service management and governance for the service management business unit at CA Inc. “But risk and value are two sides of the same coin. If cloud computing is treated as a major governance initiative involving a broad set of stakeholders, it has the potential to yield benefits that can equal or outweigh the risks.”

The survey also revealed organizations’ attitudes and behaviors related to IT risk management. According to the IT professionals questioned, only 22% of organizations are very effective at integrating IT risk management with their overall business risk management. And, as usual, every organization employs people who further contribute to the company’s IT risks. The Barometer found that the top three high-risk ways in which employees contribute to risky business are:

  • Not protecting confidential work data appropriately (50%)
  • Not fully understanding IT policies (33%)
  • Using non-approved software or online services for their work (32%)

“Many employees are working around controls and using non-approved devices and programs so they have the tools they need to do their jobs,” said John Pironti, member of ISACA’s Certification Committee and president of IP Architects LLC. “Instead of prohibiting certain technologies, organizations should try to learn why their employees feel they need these technologies and train employees to use them safely.”

As with anything, proper training is essential to reducing inherent risks. As the popularity of cloud computing grows, organizations will be forced to step up their employee training while more responsibility will be placed on IT professionals. Is it all worth it? Is cloud computing worth the risk?
