\n
\nThis document provides a high level overview of this framework and the reason behind this initiative.\u00a0 It will cover some basic concepts relating to IT related risk, frameworks and how existing frameworks measure up.Subsequent blog entries will provide insights into the frameworks key concepts and definitions.<\/strong><\/span><\/div>\n
\n<\/strong><\/span><\/div>\n
\n
- \n
- IT related Risk Management<\/strong><\/li>\n<\/ul>\n
\n
This covers all IT related risks and is not just to Information Security. Examples include inadequate resources, obsolete infrastructure, staff with inadequate skills etc. In short it covers all business risks arising from IT related activities<\/span><\/p>\n
\n<\/span><\/p>\n<\/span><\/p>\n
- \n
- Essentials of a good risk management framework for IT related risk<\/span><\/strong><\/li>\n<\/ul>\n
\n
The following are the essential features of risk management framework-<\/span><\/p>\n
- \n
- Provides comprehensive coverage and not restrict itself to the technical aspects of IT.<\/span><\/li>\n
- IT related focus<\/span><\/li>\n
- Covers the full IT life cycles i.e. broadest view on IT related risk<\/span><\/li>\n
- Translates IT related risks into impact on business<\/span><\/li>\n
- Provides a continuous process from risk identification to continuous monitoring and feedback.<\/span><\/li>\n
- Provides risk treatment options<\/span><\/li>\n
- It should be easily accessible\/available to users-easily downloadable, not expensive<\/span><\/li>\n<\/ol>\n
<\/span><\/p>\n
- \n
- How does COBIT stack up against these essential features:<\/span><\/strong><\/li>\n<\/ul>\n
![\"riskiteval\"](\"https:\/\/www.qadit.com\/blog\/wp-content\/riskiteval.jpg\")
<\/span><\/p>\nAs can be seen from the graphic above COBIT provides limited guidance on risk management. Reference to risk management is limited to Process P09 of CoBIT 4.1. A similar evaluation of other frameworks COSO-ERM, ISO27000 series produced the same results. These frameworks provided only a partial coverage of IT related risk management.<\/span><\/p>\n
<\/span><\/p>\n
The summary of this evaluation is shown below:<\/span><\/strong>
![\"GAP](\"https:\/\/www.qadit.com\/blog\/wp-content\/riskiteval2.gif\")
<\/span><\/p>\nSo for e.g. COSO scores really high on the completeness of risk management scope but it does not provide in-depth coverage of IT. So is essence there is no comprehensive IT related risk management framework currently available.<\/span><\/p>\n
\n<\/span><\/p>\n<\/span><\/p>\n
<\/span><\/p>\n
- \n
- The Risk IT Framework (Risk IT)<\/span><\/strong><\/li>\n<\/ul>\n
Risk IT framework has been defined by the ITGI to ensure that this framework will bridge the gap in the comprehensiveness\/coverage space. The framework will address all risk management activities and domains and not just controls (as is the case with COBIT). It will cover all IT related risks that will affect realization on business objectives.<\/span><\/p>\n
<\/span> <\/span><\/p>\n","protected":false},"excerpt":{"rendered":"
IT risk is gaining increased attention from executive management, stakeholders and regulators alike. The COBIT framework provides a generally accepted framework for IT but this does not deal with risk management in a comprehensive manner. The ITGI has now remedied this gap with their latest initiative-a\u00a0framework\u00a0for IT related\u00a0risk management.<\/p>\n","protected":false},"author":5,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false},"version":2}},"categories":[24],"tags":[30,29,31,28],"class_list":["post-67","post","type-post","status-publish","format-standard","hentry","category-grc","tag-governance","tag-qadit","tag-risk-compliance","tag-riskit"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p9AH7Q-15","_links":{"self":[{"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/posts\/67","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/comments?post=67"}],"version-history":[{"count":0,"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/posts\/67\/revisions"}],"wp:attachment":[{"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/media?parent=67"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/categories?post=67"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/tags?post=67"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
- The Risk IT Framework (Risk IT)<\/span><\/strong><\/li>\n<\/ul>\n
- IT related focus<\/span><\/li>\n
- Provides comprehensive coverage and not restrict itself to the technical aspects of IT.<\/span><\/li>\n
- Essentials of a good risk management framework for IT related risk<\/span><\/strong><\/li>\n<\/ul>\n