Risk management – where the rubber hits the road.
Tracking the latest guidance regarding risk management is always productive as the next big event might just happen under your watch. Managing outsourced arrangements is a huge challenge for both IT and IT security, whether its entire services being outsourced or specific project efforts.
Finally, implementing robust change management processes is one of those proactive, stabilizing activities that dramatically improves the reliability and effectiveness of Security and IT, check it out.
Good luck and have another great week.
1. IT Compliance Institute (ITCi) – “IT Audit Checklist for Risk Management”.
Are you prepared for your next risk management audit? Know what to expect.
Note – a brief registration is required (to download the free white paper).
http://www.itcinstitute.com/display.aspx?id=2499
2. Keeping Up Your SOX Compliance and Turning IT into a High Performer by Improving Change Control. Study the extensive benefits of establishing a robust change management and change auditing practices including the latest research by ITPI (IT Process Institute).
http://www.tripwire.com/resources/asset_request.cfm?aid=2184
3. Managing Enterprise Risk in Today’s World of Sophisticated Threats: A Framework for Developing Broad-Based, Cost-Effective Information Security Programs
http://csrc.nist.gov/groups/SMA/fisma/framework.html
Other NIST white papers – csrc.nist.gov/sec-cert/ca-library.html#fisma-white-paper
4. The Risk Management and Governance (RMG) Board develops practical, easy-to-read documents about governance issues. A review of all the publications is regularly conducted to ensure that they remain current and relevant.
http://www.rmgb.ca/index.cfm/ci_id/243/la_id/1.htm
5. Information Technology Outsourcing
This paper presents a perspective on the matters that an organization addresses when considering IT outsourcing as an option. It is intended to provide topics for the consideration of business managers and auditors when they make or examine outsourcing decisions.
6. 20 Questions Directors Should Ask About Information Technology Outsourcing