Cover image for Risk Assessment for Asset Owners

Risk Assessment for Asset Owners

Author Steve Watkins , Alan Calder
Release Date: 2007/05/01
ISBN: 9781849281232
Topic:
0%
18
Chapters
0-1
Hours read
0k
Total Words
    Start Reading Now    
       Add to Wishlist       
View table of contents

Book Description

Understand ISO 38500: the standard for the corporate governance of IT

ISO/IEC38500 is the international standard for the corporate governance of information and communication technology. The purpose of the standard is to create a framework to ensure that the Board is appropriately involved in the governance of the organisation's IT. The standard sets out guiding principles for directors on how to ensure the effective, efficient and acceptable use of IT within their company.

This useful pocket guide provides an account of the scope and objectives of the standard. It outlines the standard's six core principles, sets out the three major tasks that the standard assigns to directors regarding IT, and explains the interrelationship between the two. The guide also offers advice on how to set up and implement the IT governance framework.

Business benefits of ISO/IEC 38500 (ISO38500) include:

  • Manage the organisation's investment in IT responsibly The pocket guide shows how the standard can be used to ensure that your decision making about IT investment remains clear and transparent, and that the associated risks are clearly understood.

  • Meet compliance requirements ISO/IEC38500 requires directors to verify that their IT systems are in compliance with all applicable regulations. As this pocket guide explains, following the procedures set out in ISO/IEC38500 will help company directors both to achieve and demonstrate compliance.

  • Improve the performance of the organisation On average, investment in IT represents more than 50 per cent of every organisation's annual capital investment. Both private and public sector organisations need to maintain a high standard of service while at the same time keeping costs low. The pocket guide looks at how following the guidance contained in ISO/IEC38500 can enable directors to retain a grip on costs and obtain better value for money from IT equipment.

  • Introduce effective project governance This pocket guide describes how ISO/IEC38500 can help company directors to identify problems in an IT project at an early stage. In this way, the standard promotes effective management of the risks associated with major IT projects, enables the board to keep a grip on budgets and militates against project failure.

Implement ISO38500, the international standard for corporate governance of IT

An IT governance framework serves to close the gap between the importance of IT and the understanding of IT. For this reason, you can use an IT governance framework to improve your company's competitive position.

"

Table of Contents

  1. ITG POCKET GUIDES
  2. CONTENTS
  3. CHAPTER 1: INTRODUCTION
  4. CHAPTER 2: INFORMATION SECURITY RISK MANAGEMENT
  5. CHAPTER 3: DEFINITIONS
  6. CHAPTER 4: ASSET OWNERS
  7. CHAPTER 5: OVERVIEW OF THE RISK ASSESSMENT PROCESS
  8. CHAPTER 6: ASSET IDENTIFICATION
    1. Asset classes
    2. Grouping of assets
    3. Asset dependencies
    4. Sensitivity classification
  9. CHAPTER 7: THREATS AND VULNERABILITIES
    1. Threats
    2. Vulnerabilities
  10. CHAPTER 8: ASSET VALUATION
    1. The asset valuation table
    2. Likelihood
  11. CHAPTER 9: RISK LEVEL
  12. CHAPTER 10: RISK TREATMENT AND CONTROL SELECTION
    1. Types of controls
    2. Risk reduction
    3. Risk assessment and existing controls
    4. Residual risk
  13. CHAPTER 11: STATEMENT OF APPLICABILITY AND RISK TREATMENT PLAN
    1. The Statement of Applicability
    2. Risk Treatment Plan
  14. CHAPTER 12: REVIEWING THE RISK ASSESSMENT