Assessing and Mitigating Risk

Submitted By SULLIJ
Words 1580
Pages 7
Silver Fiddle Construction Risk Management Plan

Silver Fiddle Construction
Grand Junction, Colorado
(770)468-7414
Sullivan8286@hotmail.com
2/6/2013
Joshua Sullivan
Unit 6 Assignment 1 Risk Management Plan (Final Course Project)
Assessing and Mitigating Risk
Instructor: Denise Eggersman

Version # | Implemented By | Revision Date | Approved By | Approval Date | Reason
1.0 | Joshua Sullivan | 02/03/2013 | Bolo and Isabella Czopek | 02/08/2013 | Initial Risk Management Plan draft

TABLE OF CONTENTS

1 Introduction
1.1 Purpose of the Risk Management Plan
2 Risk Management Procedure
2.1 Process
2.2 Risk Identification
2.3 Risk Analysis
2.3.1 Qualitative Risk Analysis
2.3.2 Quantitative Risk Analysis
2.4 Risk Response Planning
2.5 Risk Monitoring, Controlling, and Reporting
3 Risk Management Plan Approval
Conclusion
Appendix A: SWOT Analysis
Appendix B: Risk Matrix
Appendix C: References

Introduction
Purpose of the Risk Management Plan
A risk is an event or condition that, if it occurs, could have a positive or negative effect on a project’s objectives. Risk Management is the process of identifying, assessing, responding to, monitoring, and reporting risks. This Risk Management Plan defines how risks associated with the Silver Fiddle Construction Company are recorded and monitored throughout the lifecycle of the project, and provides templates and practices for recording and prioritizing risks. Silver Fiddle Construction Company specializes in building high-quality, customized homes in Grand Junction, Colorado. New customers, the Czopeks, have hired you to build their dream home. The anticipated cost of the home is

Similar Documents

Premium Essay

Is3110

...Lab 2 Align Risk, Threats, & Vulnerabilities to COBIT P09 Risk Management Controls 1. Risk Factors a. Remote communications from home office (MEDIUM Risk) b. LAN server OS has known software vulnerability (HIGH Risk) c. User downloads an unknown e-mail attachment (HIGH Risk) 2. COBIT Risk Management * No. * Yes, the identified software vulnerabilities relate to risk context for both internal and external access. * Yes, the identified software vulnerabilities themselves are events that represent risk identification. Once identified, the event can be assessed for risk. * Yes, once risk events are identified (such as software vulnerabilities), they can be properly assessed (quantitatively or qualitatively). * Yes, once the risk has been assessed (high, medium, low) the response to that risk can be aligned appropriately. * No. 3. Vulnerability impacts a. Remote communications from home office (Confidentiality) b. LAN server OS has known software vulnerability (Integrity) c. User downloads an unknown e-mail attachment (Availability) 4. Effectiveness, Efficiency, Compliance, and Reliability 5. Mitigated and managed a. Remote communications from home office * Information – Medium Impact, Firewall, Keep up to date * Application – Low Impact, HTTPS for email websites, Make sure it is secured * Infrastructure – Medium Impact, Workstation must have malware and anti-virus detection, Keep up to date * People...

Words: 794 - Pages: 4

Premium Essay

Crisis Management vs Risk Management

...Crisis Management may be defined as the process of preparing for and responding to an unpredictable negative event to prevent it from turning into an even bigger problem, or becoming a full-blown, widespread, life-threatening disaster. It involves the execution of well-coordinated actions to control the damage and preserve or restore confidence in the system under crisis. Risk management, on the other hand, is a process for identifying, assessing, and prioritizing risks of different kinds. Once the risks are identified, the risk manager will create a plan to minimize or eliminate the impact of negative events. Common risks include things like accidents in the workplace or fires, tornadoes, earthquakes, and other natural disasters. It can also include legal risks like fraud, theft, and sexual harassment lawsuits. Risks can also relate to business practices, uncertainty in financial markets, failures in projects, credit risks, or the security and storage of data and records. Theories have been developed to study crisis. Among these theories are High Reliability Theory and Normal Accident Theory. Normal Reliability Theory (HRT) dwells on the perception that we can learn from our operating and regulatory mistakes, put safety first and empower lower levels thus making risky quite safe. It asserts that organizations can contribute significantly to the prevention of accidents. National Accident Theory (NAT) operates on the premise that no matter how hard we try there will always...

Words: 777 - Pages: 4

Premium Essay

Risk & Uncertainty in Insurance

...Meaning of Risk: Risk is defined as the probability of an event and its consequences. Risk management is the practice of using processes, methods and tools for managing these risks. Meaning of Uncertainty: Uncertainty is a state where the extent of risk and when the risk hits is unknown, (ie) – we know what the risk is but are uncertain of the outcome yet. The main categories of risk to consider are: • Strategic Risk: Strategic risks are those risks associated with operating in a particular industry. - for example a competitor coming on to the market • Compliance: Compliance risks are those associated with the need to comply with laws and regulations. They also apply to the need to act in a manner which investors and customers expect, for example, by ensuring proper corporate governance.- for example the introduction of new health and safety legislation • Financial: Financial risks are associated with the financial structure of your business, the transactions your business makes and the financial systems you already have in place. -for example non-payment by a customer or increased interest charges on a business loan • Operational: Operational risks are associated with your business' operational and administrative procedures- for example the breakdown or theft of key equipment Other risks include: • environmental risks, including natural disasters • employee risk management, such as maintaining sufficient staff numbers and cover, employee safety and up-to-date...

Words: 370 - Pages: 2

Premium Essay

Lab 2 Ist

...Lab 2 - Align Risks, Threats, and Vulnerabilities to COBIT PO9 Risk Mgmt. Controls Part 1 4. Discuss the primary goal of the COBIT v4.1 framework. Provide a basic description of COBIT. * The purpose of Control Objectives for Information and related Technology (COBIT) is to provide management and business process owners with an information technology (IT) governance model that helps in delivering value from IT and understanding and managing the risks associated with IT. COBIT helps bridge the gaps amongst business requirements, control needs and technical issues. It is a control model to meet the needs of IT governance and ensure the integrity of information and information systems. 5. Explain the major objective of the Control area (COBIT 4.1 Controls Collaboration link on the left side of the COBIT website) * “The COBIT Controls area within ISACA's Knowledge Center promotes collaboration and sharing of information, solutions and experience among COBIT users.” 6. From the COBIT Domains and Control Objectives section, list each of the types of control objectives and briefly describe them based on the descriptions on the website. * Plan and Organize – “This domain covers strategy and tactics, and concerns the identification of the way IT can best contribute to the achievement of the business objectives. The realization of the strategic vision needs to be planned, communicated and managed for different perspectives. A proper organization as well as technological...

Words: 4162 - Pages: 17

Premium Essay

Finance

...APPROACHES TO CREDIT RISK MEASUREMENT: INTRINSIC RISK There are three basic approaches to credit risk measurement at individual loan intrinsic level that are used for various types of loans such as commercial loans, project and infrastructure finance, consumer and retail loans. They are: * Expert Systems * Credit Rating * Credit Scoring Expert Systems: In an expert system, the decision to lend is taken by the lending officer who is expected to possess expert knowledge of assessing the credit worthiness of the customer. Accordingly the success or failure very much depends on the expertise, judgment and the ability to consider relevant factors in the decision to lend. One of the most common expert systems is the five “C’s” of credit. The five C’s are as under (Saunders, 1999): 1. Character: Measure of reputation of the firm, its willingness to repay and the repayment history. 2. Capital: The adequacy of equity capital of the owners so that the owner’s interest remains in the business. Higher the equity capital, better the creditworthiness. 3. Capacity: The ability to repay is measured by the expected volatility in the sources of funds intended to be used by the borrower for the repayment of loan along with interest. Higher the volatility of this source, higher the risk and vice versa. 4. Collateral: Availability of collateral is important for mitigating credit risk. Higher the value of the collateral, lower would be the risk and vice versa...

Words: 422 - Pages: 2

Premium Essay

R. V. Stone Case Analysis

...of correct training on mitigating those biases. Both of these articles relate to the role of forensic psychiatry in the legal system. Yeo (2002) looks into a specific Supreme Court of Canada decision in R. v Stone. He explores the advantages of the conclusions reached by this decision. Reynolds and Miles (2009), in a pilot study, explored the effect of training on the quality of an HCR-20 assessment. The HCR-20 is an approach to assess the risk of violence that a mentally disordered patient could have. Both of these papers...

Words: 802 - Pages: 4

Premium Essay

Mobile Device

...and other users with compatible devices without being tied to printer cables and other peripheral device connection. This is very important in a doctor’s office because patients and doctors move from room to room depending on the type of test they are doing. Having mobile device makes it easier for them to do their jobs easier and it can even help cut wiring costs (Patricia & Donna, 2008). On the other hand there are many risks inherent in using wireless and mobile technologies. Wireless networks face the same threats as conventional wired network because intruders who gain access to information systems via wireless communication can bypass firewall protection and expose patient’s information and data. Besides launching denial of service attacks, insert viruses or malicious code, disable operations, most importantly they can violate the privacy of patients and even steal their identities. Risk of using wireless or mobile technology makes it easier to come up with a plan is place to try preventing further actions. This open connectivity brings with it risks, however, some of which are similar to those in wired networks, while others are unique and increased on wireless networks. Poor security standards, coupled with immature technologies, flawed implementations and limited user awareness, make it difficult to design and deploy secure wireless networks. Wireless security threats include confidentiality, integrity and availability (CIA) of resources and information. Organizations...

Words: 671 - Pages: 3

Premium Essay

Alcohol Anonymous

...VIOLENCE 2 Assessing and Diffusing the Angry Patient to Prevent Workplace Violence The decline of manners is well noted in society with bullying rampant in the schools and a new breed of language such as “road rage”, going “postal” and “whacked” becoming accepted mainstream lingo. In service transactions, which do include nursing, rudeness is widespread where the customer (i.e., the patient) has the mentality that s/he is always right. Moreover, the healthcare setting, a place where one usually goes for necessities, not optional visits, is often scenes of chaos fraught with intense anxiety and nerves. Those moods and environment coupled together is a powder keg for violence; unfortunately, workplace violence for healthcare workers. Workplace violence (WPV) can take many forms, including verbal and emotional abuse; physical assault; threats of physical violence; bullying, unwanted sexual advances; and various forms of harassment (Chapman, Perry, Styles & Combs, 2009). According to the CDC, healthcare workers are four times more likely to be assaulted in the workplace than people who work in the private sector (Moz, 2009). Nurses are vulnerable to WPV given their occupation requirements and need to interact with patients. Of the various specialties of nursing, nurses who work in the emergency departments (ED), psychiatric units, and nursing homes, often encountered the greatest risk. Flores (2008) noted that in a national survey...

Words: 1262 - Pages: 6

Premium Essay

Managing Projects

...Deliverable 4: Risk Management Table of contents 1. Introduction 2. Scheme Used for Risk Management. 3. Risk Management Strategies 3.1. Risk Register 3.2. Risk Treatment 4. Risk management incorporated as activities in project 5. Others 1. Introduction. It should not surprise anyone that the concept of risk and its identification, management and control risk will be one of the major forces the project stakeholders. We will need to collectively address and acknowledge by all the project stakeholders to the project all exist in a climate of change-and change brings with it one constant: risk. The goal of risk management is to ensure that a suitable risk response mechanism is put in place to reduce the resulting consequences in the project. 2. Standard Used for Risk Management Process. Standard AS/NZS ISO 31000:2009 is used for this proposed project to mitigate project risk, from concept through to finalisation. 3. Risk Management Plan. 3.1. Risk Register. We have developed a Risk register for the current project. Qualitative risks have been categorised and based on likelihood/their consequences ratings. We have used Table: 1 for the level of Likelihood and Table: 2 for its consequences. Table: 3 the Risk severity Matrix has been used to identify the risk priority of the project. Table. 1 Table. 3 3.2. Risk Treatment. Identifying, assessing, analysing and managing risk at the start of the project does mean that Project...

Words: 576 - Pages: 3

Premium Essay

Audit

Following are multiple choice questions recently released by the AICPA. These questions were released by the AICPA with letter answers only. Our editorial board has provided the accompanying explanations. Please note that the AICPA generally releases questions that it does NOT intend to use again. These questions and content may or may not be representative of questions you may see on any upcoming exams. 2006 AICPA Newly-Released Auditing Questions An auditor observes the mailing of monthly statements to a client's customers and reviews evidence of follow-up on errors reported by the customers. This test of controls most likely is performed to support management's financial statement assertions of:
Choice | Presentation and disclosure | Existence or occurrence
a. | Yes | Yes
b. | Yes | No
c. | No | Yes
d. | No | No
ANSWER: Choice "c" is correct. In testing the existence or occurrence assertion, the auditor is concerned that fictitious or overstated receivables may have been recorded. Observing the mailing of monthly statements and reviewing evidence of follow-up on errors reported by customers provides evidence that procedures are in place to identify and correct such errors. Choice "a" is incorrect. Observing the mailing of monthly statements and reviewing evidence of follow-up on errors reported by customers does not provide any assurance regarding how receivables are presented and disclosed in the financial statements. Choice "b" is incorrect. Observing the mailing of monthly statements...

Words: 11923 - Pages: 48

Premium Essay

Risk Template

...Risk Template Introduction Identifying the risks and issues associated with procurement, both individually and collectively, are important to the successful completion of a project. When procurements are effectively managed, money and time on a project can be ultimately saved. During the procurement management process of a project, risks are identified, assessed, and a plan is chosen as to how to close those identified risks. There are many different procurement risk types dependent on the scope and details of the project. What is Risk Management? Risk management is an activity which integrates the identification of risk, risk calculation, developing approaches to manage the risk, and plan of alleviation using corporate resources (Berg, 2010). Systems are put into place to ensure organizational participants are continually proactive as well as reactive to possible or emerging risks. Risks are found throughout every stage, step, and facet of a project. Identifying potential risks as well as planning to cope with on-going or emerging risks is crucial to project success and completion. The institution of an adequate risk management system will effectively enable some control over the risks of a project. The implementation of this system is extensive and should be integrated into the framework, mission, and culture of operations to produce successful organizational objectives and to properly evaluate and manage the combined level of risk (Ulrik & Sof, 2014)...

Words: 1185 - Pages: 5

Premium Essay

Business Impact Analysis and Risk Assessment for Information Resources

...University Business Impact Analysis and Risk Assessment for Information Resources General Information & Process Description Introduction The IT Security and Policies area within Information Technology Services is responsible for establishing policies to ensure that Iowa State University has a secure information technology environment. This document defines a process for departments to perform a business impact analysis and risk assessment for their information resources. Once an assessment has been done, the resulting documents should be maintained and regularly reviewed by the department. By using the business impact analysis and risk assessment tool defined in this document, departments have the capability to identify and respond to risks for their systems and information resources. Departments are encouraged to contact the Information Technology Security and Policies area at 4-2588 if they have specific questions or if they would like to arrange a meeting to discuss the process on an individual basis. Business Impact Analysis and Risk Assessment Guaranteed absolute security in today’s information technology environments is not realistic. However, it is important to have a process of identifying resources and associated risks, determining their magnitude, and identifying what safeguards are needed. That process is what we are referring to as business impact analysis and risk assessment. It is the department’s responsibility...

Words: 3038 - Pages: 13

Free Essay

Dsfa

...The idea of the framework is to integrate the analytical and policy elements of financial stability and provide a framework of practical measures. It is suggested that a framework for financial stability will have 3 main objectives: To achieve early identification of potential risks and vulnerability of the system | To promote preventative and timely remedial policies to avoid financial instability | To resolve instabilities when the preventative and remedial policies fail. | The US approach tends to follow the traditional “shock transmission” approach that was the basis of many policy orientated frameworks. In this approach the system was considered to remain in a state of equilibrium if undisturbed or would adjust to a different state if and when a shock was experienced. This approach concord with the view that financial stability is not a defined static state but should be viewed as a continuum in which problems and imbalances may develop or be resolved through the self corrective mechanisms of the financial systems or the imbalances accumulate to the point that outside action would be required. The ultimate goal of the framework is to prevent problems from occurring or to resolve problems if prevention fails. However there are differences that emanate from differing cultural attitudes. In the US for example, there is more emphasis towards leaving corrections to the market and for the regulator to intervene when the market does not correct the problem. Financial...

Words: 738 - Pages: 3

Premium Essay

Or Ans Rr

...Operational Risk Management Interpreting Operational Risk Operational risk is the risk of loss resulting from inadequate or failed internal processes, people, systems and external events. This definition includes legal risk but excludes reputational risk and strategic risk. Therefore, in line with the Basel II risk management framework and best practices, operational risk in the Bank is composed of the following risk types: operations risk, legal risk, regulatory compliance risk, financial crime risk, people risk, property, technology, vendor, financial, and environmental risk. KIRU HAS A SMALL PART (TYPES OF OPERATIONAL RISK) HERE.WE WILL SEND YOU TODAY ITSELF.IF NOT IGNORES THAT PART. Operational risk management at NDB Operational Risk Management at NDB Operational risk is recognized as a distinct risk category which the Bank strives to manage within acceptable levels through sound operational risk management practices. The Bank's approach to managing operational risk is to adopt practices that are most appropriate and relevant considering the organizational maturity and business environment. Operational risk exposure is managed through comprehensive set of internal controls and management processors that cover risk assessment (Identification, description and estimation), risk evaluation, reporting, mitigation, residual risk reporting and monitoring and control associated with our business operations as an ongoing activity. Further, the Bank recognizes the significance...

Words: 1669 - Pages: 7

Free Essay

The Global Financial Crisis: Assessing Vulnerability for Women and Children, Identifying Policy Responses

...The Global Financial Crisis: Assessing Vulnerability for Women and Children, Identifying Policy Responses Mayra Buvinic World Bank February 2009 The current global financial crisis, on top of recent food price increases (which, while down from their peak last year continue to affect the poor in developing countries), will have serious gender specific consequences for women in poor countries and their children. While women (and men) in most developing countries are vulnerable to increased risk of poverty and hardship, exposure to gender-specific negative impacts are particularly high in a subset of countries. These are countries where pre-existing high infant mortality rates and/or low rates of female schooling, combined with decelerating growth rates, substantially raise the vulnerability of women and girls to the deleterious effects of the crisis. Their situation is even more precarious in the sub-set of countries where limited fiscal resources constrain governments’ ability to cushion human impacts. If left unchecked, these crisis consequences on women will reverse progress in gender equality and women’s empowerment (and in meeting the MDGs), increase current poverty and imperil future development. Fortunately, policy responses which build on women’s roles as economic agents and their preference for investing resources in child well-being can go a long way towards mitigating these negative effects. These responses are good for women and for development–...

Words: 1801 - Pages: 8