Risk
Páginas: 163 (40522 palabras)
Publicado: 17 de enero de 2013
THE RISK IT
FRAMEWORK
Principles
Process Details
Management Guidelines
Maturity Models
THE RISK IT FRAMEWORK
ISACA®
With more than 86,000 constituents in more than 160 countries, ISACA (www.isaca.org) is a leading global provider of knowledge,
certifications, community, advocacy and education on information systems assurance and security, enterprise governance of IT, and
IT-relatedrisk and compliance. Founded in 1969, ISACA sponsors international conferences, publishes the ISACA® Journal, and
develops international information systems auditing and control standards. It also administers the globally respected Certified
Information Systems Auditor™ (CISA®), Certified Information Security Manager® (CISM®) and Certified in the Governance
of Enterprise IT® (CGEIT®)designations.
ISACA developed and continually updates the COBIT®, Val IT™ and Risk IT frameworks, which help IT professionals and enterprise leaders
fulfil their IT governance responsibilities and deliver value to the business.
Disclaimer
ISACA has designed and created The Risk IT Framework (the ‘Work’) primarily as an educational resource for chief information officers
(CIOs), senior management and ITmanagement. ISACA makes no claim that use of any of the Work will assure a successful outcome.
The Work should not be considered inclusive of all proper information, procedures and tests or exclusive of other information, procedures
and tests that are reasonably directed to obtaining the same results. In determining the propriety of any specific information, procedure or
test, officers andmanagers should apply their own professional judgement to the specific control circumstances presented by the particular
systems or information technology environment.
Reservation of Rights
© 2009 ISACA. All rights reserved. No part of this publication may be used, copied, reproduced, modified, distributed, displayed, stored in
a retrieval system or transmitted in any form by any means(electronic, mechanical, photocopying, recording or otherwise) without the prior
written authorisation of ISACA. Reproduction and use of all or portions of this publication are permitted solely for academic, internal and
non-commercial use and for consulting/advisory engagements, and must include full attribution of the material’s source. No other right or
permission is granted with respect to this work.ISACA
3701 Algonquin Road, Suite 1010
Rolling Meadows, IL 60008 USA
Phone: +1.847.253.1545
Fax: +1.847.253.1443
E-mail: info@isaca.org
Web site: www.isaca.org
ISBN 978-1-60420-111-6
The Risk IT Framework
Printed in the United States of America
CGEIT is a trademark/service mark of ISACA. The mark has been applied for or registered in countries throughout the world.
2
© 2009ISACA. A
LL
R
IGHTS
R
ESERVED
.
ACKNOWLEDGEMENTS
ACKNOWLEDGEMENTS
ISACA wishes to recognise:
Development Team
Dirk Steuperaert, CISA, CGEIT, IT In Balance BVBA, Belgium, Chair
Steven De Haes, Ph.D., University of Antwerp Management School, Belgium
Gert du Preez, CGEIT, PricewaterhouseCoopers, Belgium
Rachel Massa, CISSP, PricewaterhouseCoopers LLP, USA
Bart Peeters,PricewaterhouseCoopers, Belgium
Steve Reznik, CISA, PricewaterhouseCoopers LLP, USA
IT Risk Task Force (2008-2009)
Urs Fischer, CISA, CIA, CPA (Swiss), Swiss Life, Switzerland
Steven Babb, CGEIT, KPMG, UK
Brian Barnier, CGEIT, ValueBridge Advisors, USA
Jack Jones, CISA, CISM, CISSP, Risk Management Insight LLC, USA
John W. Lainhart IV CISA, CISM, CGEIT, IBM Business Consulting Services, USA
,Gladys Rouissi, CISA, MComp, Commonwealth Bank of Australia, Australia
Lisa R. Young, CISA, CISSP, Carnegie Mellon University, USA
Expert Reviewers
Mark Adler, CISA, CISM, CGEIT, CFE, CFSA, CIA, CISSP, Commercial Metals, USA
Steven Babb, CGEIT, KPMG, UK
Gary Baker, CGEIT, CA, Deloitte and Touche LLP, Canada
Dave H. Barnett, CISM, CISSP, CSDP, CSSLP, Applied Biosystems, USA
Brian Barnier,...
FRAMEWORK
Principles
Process Details
Management Guidelines
Maturity Models
THE RISK IT FRAMEWORK
ISACA®
With more than 86,000 constituents in more than 160 countries, ISACA (www.isaca.org) is a leading global provider of knowledge,
certifications, community, advocacy and education on information systems assurance and security, enterprise governance of IT, and
IT-relatedrisk and compliance. Founded in 1969, ISACA sponsors international conferences, publishes the ISACA® Journal, and
develops international information systems auditing and control standards. It also administers the globally respected Certified
Information Systems Auditor™ (CISA®), Certified Information Security Manager® (CISM®) and Certified in the Governance
of Enterprise IT® (CGEIT®)designations.
ISACA developed and continually updates the COBIT®, Val IT™ and Risk IT frameworks, which help IT professionals and enterprise leaders
fulfil their IT governance responsibilities and deliver value to the business.
Disclaimer
ISACA has designed and created The Risk IT Framework (the ‘Work’) primarily as an educational resource for chief information officers
(CIOs), senior management and ITmanagement. ISACA makes no claim that use of any of the Work will assure a successful outcome.
The Work should not be considered inclusive of all proper information, procedures and tests or exclusive of other information, procedures
and tests that are reasonably directed to obtaining the same results. In determining the propriety of any specific information, procedure or
test, officers andmanagers should apply their own professional judgement to the specific control circumstances presented by the particular
systems or information technology environment.
Reservation of Rights
© 2009 ISACA. All rights reserved. No part of this publication may be used, copied, reproduced, modified, distributed, displayed, stored in
a retrieval system or transmitted in any form by any means(electronic, mechanical, photocopying, recording or otherwise) without the prior
written authorisation of ISACA. Reproduction and use of all or portions of this publication are permitted solely for academic, internal and
non-commercial use and for consulting/advisory engagements, and must include full attribution of the material’s source. No other right or
permission is granted with respect to this work.ISACA
3701 Algonquin Road, Suite 1010
Rolling Meadows, IL 60008 USA
Phone: +1.847.253.1545
Fax: +1.847.253.1443
E-mail: info@isaca.org
Web site: www.isaca.org
ISBN 978-1-60420-111-6
The Risk IT Framework
Printed in the United States of America
CGEIT is a trademark/service mark of ISACA. The mark has been applied for or registered in countries throughout the world.
2
© 2009ISACA. A
LL
R
IGHTS
R
ESERVED
.
ACKNOWLEDGEMENTS
ACKNOWLEDGEMENTS
ISACA wishes to recognise:
Development Team
Dirk Steuperaert, CISA, CGEIT, IT In Balance BVBA, Belgium, Chair
Steven De Haes, Ph.D., University of Antwerp Management School, Belgium
Gert du Preez, CGEIT, PricewaterhouseCoopers, Belgium
Rachel Massa, CISSP, PricewaterhouseCoopers LLP, USA
Bart Peeters,PricewaterhouseCoopers, Belgium
Steve Reznik, CISA, PricewaterhouseCoopers LLP, USA
IT Risk Task Force (2008-2009)
Urs Fischer, CISA, CIA, CPA (Swiss), Swiss Life, Switzerland
Steven Babb, CGEIT, KPMG, UK
Brian Barnier, CGEIT, ValueBridge Advisors, USA
Jack Jones, CISA, CISM, CISSP, Risk Management Insight LLC, USA
John W. Lainhart IV CISA, CISM, CGEIT, IBM Business Consulting Services, USA
,Gladys Rouissi, CISA, MComp, Commonwealth Bank of Australia, Australia
Lisa R. Young, CISA, CISSP, Carnegie Mellon University, USA
Expert Reviewers
Mark Adler, CISA, CISM, CGEIT, CFE, CFSA, CIA, CISSP, Commercial Metals, USA
Steven Babb, CGEIT, KPMG, UK
Gary Baker, CGEIT, CA, Deloitte and Touche LLP, Canada
Dave H. Barnett, CISM, CISSP, CSDP, CSSLP, Applied Biosystems, USA
Brian Barnier,...
Leer documento completo
Regístrate para leer el documento completo.