Risk IT, the Glossary

The Risk IT Framework, published in 2009 by ISACA, provides an end-to-end, comprehensive view of all risks related to the use of information technology (IT) and a similarly thorough treatment of risk management, from the tone and culture at the top to operational issues.[1]

Table of Contents

  1. 30 relations: Balanced scorecard, Business risks, COBIT, Committee of Sponsoring Organizations of the Treadway Commission, Enterprise risk management, Envista Forensics, Ernst & Young, Factor analysis of information risk, Goal, Gordon–Loeb model, IBM, Information technology, ISACA, ISO 31000, ISO/IEC 27005, IT risk, Key risk indicator, KPMG, Need to know, Process (engineering), PwC, Responsibility assignment matrix, Risk, Risk appetite, Risk communication, Risk factor (computing), Risk management, Swiss Life, Tone at the top, Val IT.

  2. IT risk management
  3. Information technology governance
  4. Risk analysis methodologies

Balanced scorecard

A balanced scorecard is a strategy performance management tool – a well-structured report used to keep track of the execution of activities by staff and to monitor the consequences arising from these actions.

See Risk IT and Balanced scorecard

Business risks

The term business risks refers to the possibility of a commercial business making inadequate profits (or even losses) due to uncertainties such as changes in tastes, changing preferences of consumers, strikes, increased competition, changes in government policy, and obsolescence.

See Risk IT and Business risks

COBIT

COBIT (Control Objectives for Information and Related Technologies) is a framework created by ISACA for information technology (IT) management and IT governance. Risk IT and COBIT both fall under information technology governance.

See Risk IT and COBIT

Committee of Sponsoring Organizations of the Treadway Commission

The Committee of Sponsoring Organizations of the Treadway Commission (COSO) is an organization that develops guidelines for businesses to evaluate internal controls, risk management, and fraud deterrence.

See Risk IT and Committee of Sponsoring Organizations of the Treadway Commission

Enterprise risk management

Enterprise risk management (ERM) in business includes the methods and processes used by organizations to manage risks and seize opportunities related to the achievement of their objectives.

See Risk IT and Enterprise risk management

Envista Forensics

Envista Forensics is a United States-based company that provides forensic engineering and recovery solutions for the insurance, legal, and risk management industries in the United States and internationally.

See Risk IT and Envista Forensics

Ernst & Young

Ernst & Young Global Limited, trade name EY, is a multinational professional services partnership.

See Risk IT and Ernst & Young

Factor analysis of information risk

Factor analysis of information risk (FAIR) is a taxonomy of the factors that contribute to risk and how they affect each other. Risk IT and factor analysis of information risk are risk analysis methodologies.

See Risk IT and Factor analysis of information risk

Goal

A goal or objective is an idea of the future or desired result that a person or a group of people envision, plan, and commit to achieve.

See Risk IT and Goal

Gordon–Loeb model

The Gordon–Loeb model is a mathematical economic model analyzing the optimal investment level in information security.

See Risk IT and Gordon–Loeb model

IBM

International Business Machines Corporation (using the trademark IBM), nicknamed Big Blue, is an American multinational technology company headquartered in Armonk, New York and present in over 175 countries.

See Risk IT and IBM

Information technology

Information technology (IT) is a set of related fields that encompass computer systems, software, programming languages, data and information processing, and storage.

See Risk IT and Information technology

ISACA

ISACA is an international professional association focused on IT (information technology) governance.

See Risk IT and ISACA

ISO 31000

ISO 31000 is a family of international standards relating to risk management codified by the International Organization for Standardization.

See Risk IT and ISO 31000

ISO/IEC 27005

ISO/IEC 27005 "Information technology — Security techniques — Information security risk management" is an international standard published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) providing good practice guidance on managing risks to information.

See Risk IT and ISO/IEC 27005

IT risk

Information technology risk, IT risk, IT-related risk, or cyber risk is any risk relating to information technology. Risk IT and IT risk both fall under IT risk management.

See Risk IT and IT risk

Key risk indicator

A key risk indicator (KRI) is a measure used in management to indicate how risky an activity is.

See Risk IT and Key risk indicator

KPMG

KPMG International Limited (or simply KPMG) is a multinational professional services network, and one of the Big Four accounting organizations, along with Ernst & Young (EY), Deloitte, and PwC.

See Risk IT and KPMG

Need to know

The term "need to know", when used by governments and other organizations (particularly those related to military or intelligence), describes the restriction of data which is considered very confidential and sensitive.

See Risk IT and Need to know

Process (engineering)

In engineering, a process is a series of interrelated tasks that, together, transform inputs into a given output.

See Risk IT and Process (engineering)

PwC

PricewaterhouseCoopers International Limited is a multinational professional services brand of firms, operating as partnerships under the PwC brand.

See Risk IT and PwC

Responsibility assignment matrix

In business and project management, a responsibility assignment matrix (RAM), also known as RACI matrix or linear responsibility chart (LRC), is a model that describes the participation by various roles in completing tasks or deliverables for a project or business process.

See Risk IT and Responsibility assignment matrix

Risk

In simple terms, risk is the possibility of something bad happening.

See Risk IT and Risk

Risk appetite

Risk appetite is the level of risk that an organization is prepared to accept in pursuit of its objectives, before action is deemed necessary to reduce the risk.

See Risk IT and Risk appetite

Risk communication

Risk communication is a complex cross-disciplinary academic field that is part of risk management and related to fields like crisis communication.

See Risk IT and Risk communication

Risk factor (computing)

In information security, risk factor is a collective name for circumstances affecting the likelihood or impact of a security risk.

See Risk IT and Risk factor (computing)

Risk management

Risk management is the identification, evaluation, and prioritization of risks followed by coordinated and economical application of resources to minimize, monitor, and control the probability or impact of unfortunate events or to maximize the realization of opportunities.

See Risk IT and Risk management

Swiss Life

The Swiss Life Group is the largest life insurance company of Switzerland and one of Europe’s leading comprehensive life and pensions and financial services providers, with approximately CHF 255.7 bn of assets under management.

See Risk IT and Swiss Life

Tone at the top

"Tone at the top" is a term that originated in the field of accounting and is used to describe an organization's general ethical climate, as established by its board of directors, audit committee, and senior management.

See Risk IT and Tone at the top

Val IT

Val IT is a governance framework that can be used to create business value from IT investments. Risk IT and Val IT both fall under information technology governance.

See Risk IT and Val IT

See also

IT risk management

Information technology governance

Risk analysis methodologies

References

[1] https://en.wikipedia.org/wiki/Risk_IT