Risk Management

Download Free IT Risk Assessment Methodology Flowchart. This Flowchart is part of IT Risk Management Guidelines from NIST-SP 800:30, that could be used to getting better understanding and approach how to manage IT risk within a company. Some of the process that covered in this flowchart are:

- System Characterization, Define the scope of the effort. In this step, the boundaries of the IT system are identified, along with the resources and the information that constitute the system.
- Threat Identification, Identify the potential threat-sources and compile a threat statement listing potential threat-sources that are

1. Agree the stage breakdown with the Project Board Controls
2. Agree the format of reports to the Project Board
3. Agree the frequency of Project Board reports
4. Establish the frequency of Stage Plan updates
6. Create a Communication Plan covering required input and output information during the life of the project
6. Check that there are suffcient risk and Business Case monitoring activities in the plans

Top 10 End User Computing risk and why we should very careful with End User Computing (EUC)
1. Weak security
2. Limited backup
3. Inefficient use of resources
4. Inadequate training
5. Inadequate support
6. Incompatible systems
7. Redundant systems

Below several checklist and recommendation for Network Security Management, based on ISO 27002 / 27001
1. Following the principle of segregation of duties, operational responsibility for networks should, wherever possible, be separated from computer operations. The organization should describe within its ISMS (perhaps through a minute of the forum, or the job descriptions of the individuals) how this is achieved.

2. There should be clear responsibilities and procedures for the management of remote equipment, including in remote user areas.

1. Unclear direction
2. Overworked or underworked staff
3. People and equipment not available when needed
4. Examples of rework or wasted effort
5. The final tasks were rushed