Vendor Management Using COBIT 5


Vendors constitute an important part of an enterprise’s external environment. The increased use of outsourcing and cloud computing implies that vendors are taking on an increasingly fundamental role in the operations of an enterprise.



COBIT Case Study: Risk Assessment Management Using COBIT 5


As a regional US grocery chain based in a major metropolitan area, FamilyGrocer (name changed) had experienced rapid growth through new store openings and acquisitions. With a focus on supply-chain efficiencies, FamilyGrocer distributes most products to its stores through a warehouse facility that also houses key offices and IT resources. In light of the risk associated with such a consolidated operation, the IT organization received a mandate from its board of directors to formally manage IT-related risk. The mandate specifically called for an initial high-level assessment of IT organizational risk, drawing largely from internal expertise. The board also requested that the IT organization demonstrate an ongoing program to manage risk.



Quantifying Information Risk and Security


Information risk and security practitioners are facing a significant problem: a lack of meaningful metrics.

Wouldn’t it be nice to be able to tell senior managers, “The risk that a significant information security incident will happen this month is 9 percent.” Meteorologists have been doing this for many years; however, they are often wrong and the majority of people receiving this information don’t actually understand what it means.

Information risk should be thought of as an uncertainty. Risk can be, and is, quantified using heat maps or risk matrices with green, yellow and red boxes, which are, at best, informed guesses. Worse, these maps and matrices do not properly reflect the situation of an unthinkable, extremely low-probability event that, if it happened, would have a huge impact.




ISACA offers exam training for the right to use the CISA title. CISA is a globally recognized certificate for IS audit control. It demonstrates that you have the experience, skills and knowledge needed to detect security risks and to carry out reliable audits.



As a CISM you are able to analyse information security independently. ISACA provides exam training for CISM, which offers both room to refresh your knowledge and concrete exercises for the exam.
