RISK IT FRAMEWORK
LISA YOUNG, VICE PRESIDENT, CYBER RISK ENGINEERING, AXIO
TODAY’S SPEAKER
Lisa Young
Axio
• Q&A
SETTING THE CONTEXT FOR RISK MANAGEMENT
Other Common Cyber Risk Categories
In addition to tangible destruction and data destruction, we should be aware of these
SETTING THE CONTEXT FOR RISK
SERVICES, PRODUCTS, MISSION
• Outputs of an organization
• Can be internally or externally focused
• Typically align with a specific organizational unit, but can cross units and
organizational boundaries
• Collectively they enable an organization’s mission
BUSINESS OPERATIONS, BUSINESS PROCESSES, PRODUCTIVE ACTIVITIES, PROJECTS
• The activities that the organization (and/or its suppliers) perform
to ensure that services and products are produced
• Traverse the organization; cross organizational lines
• A service or a product is made up of one or more Business
Processes, productive activities, projects or whatever they are
called in your organization.
ASSETS
Risk assessment must help the organization identify what could threaten the
organization’s ability to meet objectives
• Conditions
• What is the probability of the threat materializing, or how susceptible are you?
• Uncertainty factor
• How the realized risk will impact the organization
• Consequence/Impact
• Identify: risk identification and prioritization
• Analyze: assessment and quantification of risk
• Manage: risk response, mitigation and monitoring activities
AUDITING AND RISK MANAGEMENT ARE COMPLEMENTARY
You assume the entire risk for the use of the content and acknowledge that: ISACA
has designed the content primarily as an educational resource for IT professionals and
therefore the content should not be deemed either to set forth all appropriate
procedures, tests, or controls or to suggest that other procedures, tests, or controls
that are not included may not be appropriate; ISACA does not claim that use of the
content will assure a successful outcome and you are responsible for applying
professional judgement to the specific circumstances presented to determine the
appropriate procedures, tests, or controls.
Copyright © 2020 by the Information Systems Audit and Control Association, Inc. (ISACA). All rights reserved. This webinar may not be used, copied, reproduced,
modified, distributed, displayed, stored in a retrieval system, or transmitted in any form by any means (electronic, mechanical, photocopying, recording or otherwise).
THANK YOU FOR ATTENDING THIS ISACA WEBINAR