COBITS

risk management guide

February 5, 2014 by Bruce Brown Leave a Comment

If you are looking for a risk management guide there are several references text to choose from. NIST SP 800-37, Risk Management Framework, ISO 31000:2009 Risk Management, ISACA RISK IT Framework, and ITSG-33 are all pretty good risk management guides

NIST SP 800-37, Guide for Applying the Risk Management

The US federal government uses NIST SP 800-37. The Defense Department uses DIARMF on which this site is based and DIARMF is based on NIST SP 800-37. The document is comprehensive and branches in to several other documents: NIST SP 800-39, Risk Management Security, NIST SP 800-30, Risk Assessment, NIST SP 800-53, Security controls and many others. The NIST risk management guides were developed by National Institute of Standards and Technology (NIST) in collaboration with the Office of the Director of National Intelligence (ODNI), the Department of Defense (DOD), and the Committee on National Security Systems (CNSS).

ISO 31000:2009 Risk Management Guide

ISO 31000:2009, Risk Management is a practical guide designed for any organization. Designed by the International Organization for Standardization (ISO) 31000: 2009 offers a robust open standard for risk management framework.

ISACA RISK IT Framework

ISACA Risk IT Framework provides complete end to end guide for risk management of information technology addressing security threats exploiting asset vulnerabilities for corporations.

ITSG – IT Security Risk Management guide

Created by the Government of Canada’s, the ITSG is a IT Security Risk management guide ITSG-33 covers roles, responsibilities and activities of the Canadian risk management.

isaca risk it framework

January 29, 2014 by Bruce Brown Leave a Comment

ISACA is one of the leading international, non-profit organizations putting out what is now one of the world’s most respected set of information security and risk IT framework & IT certifications:

COBIT, Business Framework for Governance and Management of IT Val IT, IT Framework for Business Technology Management
Risk IT, Framework for IT Related Business Risk
CISA, Certified Information System Auditor
CISM, Certified Information System Manager
CGEIT, Certified in Governance of IT
CRISC, Certified in Risk of Information Systems Controls
ISACA used to stand for Information Systems Audit and Control Association, but is now just ISACA.

ISACA Risk IT Framework

The ISACA has a The Risk IT Practitioner Guide

The Risk IT Framework fills the gap between generic risk management frameworks and detailed (primarily security-related) IT risk management frameworks. It provides an end-to-end, comprehensive view of all risks related to the use of IT and a similarly thorough treatment of risk management, from the tone and culture at the top, to operational issues. In summary, the framework will enable enterprises to understand and manage all significant IT risk types, building upon the existing risk related components within the current ISACA frameworks, i.e., COBIT and Val IT. http://www.isaca.org/Knowledge-Center/Research/ResearchDeliverables/Pages/The-Risk-IT-Framework.aspx

ISACA Risk IT Framework is more that just a complement to DIARMF/NIST Risk Management framwork, its a complete framework that stands on its own that would be great for a non-government corporate entity to use.