Dear friends,
Here are the balance mnemonic words for Chapter 1 of ISCA.
I have also uploaded Word files for Chapter 1 and Chapter 4. Kindly download and do the reformatting as per your convenience, and shorten the length if possible so that you can carry it anywhere easily.
IS risks can take the form of inadequate disclosure, increasing electronic frauds, etc.
IT-based information systems are subject to inherent risks.
Inherent risks are risks which cannot be eliminated but can be mitigated by appropriate security.
Risk management is ‘assessing risks’ and ‘reducing them to an acceptable level’ through appropriate security/controls.
Controls are classified as Preventive, Detective and Corrective.
Appropriate security/controls assure that –
- CIA (Confidentiality, Integrity and Availability) of data is maintained
- Access to data is restricted to authorized users only
- Computer facilities are available at all times
Sources of Risks: LEH New Trekking Mission
- Legal and Commercial Relationships
- Economic circumstances
- Human behavior
- Natural events
- Technology and Technical issues
- Management activities
Terms / Definitions:
- Assets
- Vulnerability
- Threat
- Exposure
- Likelihood
- Attack
- Risk
- Residual Risk
Reasons for the gap between the need to protect systems and the protection applied: HIDE & U C ME (Prof. Jignesh Chheda)
- External dangers from Hackers
- Interconnectivity of systems
- Devolution of management & control
- Elimination of Time, Distance and Space constraints
- Widespread Use of technology
- Unevenness of technological Changes
- Growing potentials for Misuse
Risk Management Strategies: AE’S Means International (T5)
- Accept the Risk / Tolerate
- Eliminate the Risk / Terminate
- Share the Risk / Transfer
- Mitigate the Risk / Treat
- Ignore the Risk / Turn Back
Key Governance practices - Risk Management: EDM
- Evaluate – Risk Management
- Direct – Risk Management
- Monitor – Risk Management
Key Management practices - Risk Management: CA - PAAR
- Collect Data
- Analyse Risk
- Maintain Profile of Risk
- Articulate Risk
- Define an Action Portfolio for Risk management
- Respond to Risk
Key Metrics of Risk Management: Critical Incidents in EU (European Union)
- % of Critical business processes covered by risk assessment
- Number of IT-related Incidents not identified in risk assessment
- % of Enterprise risk assessments
- Frequency of Updating the risk profile
Key Management practices of IT Compliance: Indian Originated CO.
- Identify External compliance requirements
- Optimize response to External requirements
- Confirm External compliance
- Obtain assurance of External compliance
Key Metrics for assessing compliance with External laws: Cancel RAC
- Cost of IT non-compliance (settlement fines)
- Reporting to the board of IT non-compliance
- Non-compliance related to Agreements with IT service providers
- Coverage of compliance assessment
Key Metrics for compliance with Internal Policies: India – US Friends
- Incidents related to non-compliance with policy
- % of Stakeholders who Understand policies
- % of policies supported by effective Standards
- Frequency of policy review
COBIT 5
Need for use of COBIT 5 by enterprises: BREV – Captain
- Development of Business-focused IT solutions
- Reduce IT-related risks
- Enterprise-wide involvement in IT-related activities
- Value creation from use of IT
- Compliance with Laws & regulations
5 Principles of COBIT 5: MCA Enabling Success
- Meeting Stakeholders’ needs
- Covering the Enterprise End-to-End
- Applying a Single Integrated framework
- Enabling a Holistic approach
- Separating Governance from Management
7 Enablers of COBIT 5: PPF Processes OC Into SP
- Principles, Policies and Frameworks - translate desired behavior into practical guidance for day-to-day management
- Processes - describe an organized set of practices to achieve certain objectives
- Organizational structures - are the key decision-making entities in the enterprise
- Culture, Ethics and Behavior of individuals - often underestimated as a success factor
- Information - is pervasive throughout the organization
- Services, Infrastructure and Applications - provide the enterprise with information technology processing and services
- People, Skills and Competencies - are linked to people and are required for successful completion of all activities and for taking corrective decisions
Components in COBIT 5: Full Pest Control in Mahindra & Mahindra
- Framework - Organizes IT governance objectives and good practices and links them to business requirements
- Process Descriptions - ‘Reference process model’ and ‘Common language’ for everyone in the organization
- Control Objectives - Provide a set of high-level requirements for effective control of each IT process
- Management guidelines - Help assign responsibilities, agree on objectives and measure performance
- Maturity Models - Assess maturity and capability per process and help to address gaps
Benefits of COBIT 5: High Court Banned OMG! Movie
- Enables IT to be governed in a Holistic manner for the entire organization, covering the full end-to-end business
- Comprehensive Framework enables the enterprise to achieve its objectives
- Enables increased Business user satisfaction and clear policy development
- Enables the enterprise to create Optimal value from IT by maintaining a balance between realizing benefits and optimizing risk levels
- Enables the enterprise to Manage IT-related risks and ensure compliance
- Generic Framework, hence useful for enterprises of all sizes, whether Commercial, Non-profit or Public sector
Goals used to measure successful Implementation of GRC: Reliance CEO Sacked by Reliance Chairman
- Redundant (extra) controls - Reduction
- Control failures in key areas - Reduction
- Expenditure related to Legal and Regulatory areas - Reduction
- Overall time for audit of key business areas - Reduction
- Streamlining of processes and time reduction through automation
- Reporting of compliance issues and remediation in a timely manner
- Compliance status and key issues reported to senior management on a real-time basis
Several Key components evaluated by the Internal auditor for Effective IT governance: Law Of Pakistan Requires Controls & Performance
- Performance Measurement - Review the system in place to measure outcomes
- Controls - Review the key controls defined by IT to manage its activities
- Risks - i) Review the processes to identify, assess and mitigate risks within the organization; ii) Accountability of the person responsible for Risk Management
- Processes - Review IT process activities and the controls in place to mitigate risks to the organization
- Organizational structure - i) Review how Management and IT personnel are communicating across the organization
- Leadership - i) Assess the involvement of IT leadership in the organization’s strategic goals; ii) Review the roles and responsibilities assigned within the IT organization