Free Essay

Manage Risk in Information Technology

In: Computers and Technology

Submitted By jmmuro
Words 2406
Pages 10
Purpose
The purpose of this disaster recovery plan is to provide guidelines and procedures to be followed to facilitate the rapid recovery from an actual disaster. It also is designed to get information that would be required in a disaster situation. This information could require costly hours and even be impossible to attain after a disaster strikes. Many portions of this plan will change with time. Therefore the plan must be updated and maintained as changes occur. It is intended that the plan be reviewed by senior management at least annually during the fourth qtr of the year. All team leaders are expected to keep staff personal information contained in the appendices of this plan confidential. All team leaders are expected keep a copy of the Disaster Recovery Plan readily assessable from home and a copy readily assessable at their office location at all times.
Levels of Disasters
There are three levels of disasters which require different actions. Level 1 – Short-term or temporary equipment outages. These outages can be caused by power or equipment failure and may last up to 24 hours. In the event of rolling black outs or other short term power outages Perfect -10’s normal priority of concerns will be in effect. The first step is the safety of all members and staff. Second we want to protect the assets of Perfect -10’s and finally we want to make everyone involved as comfortable as possible. The senior member of management at each location will ensure that the building is secure by locking the door. A staff member will be assigned to operate the locked door. Each transaction that is in process will be completed as much as possible and the member will be escorted out of the building. Level 2 – long-term equipment outages were the data center itself is still intact and functional. This level indicated that data processing function on existing equipment could not continue for a extended period of time. Long term outages could be cause by such things as employee sabotage or water leaking into and destroying equipment.

Level 3 - long-term outage where the data center and the surrounding building has been destroyed or no longer usable. This type of catastrophic condition could be cause by fire, flood, etc. or other natural disasters. During an outage of this nature all functions normally preformed at this location would be diverted to back up locations.
Control center The purpose of the control center is to establish a base to control all aspects of the recovery process. The control center location will vary depending on the level of the disaster. Level I and many level to disasters will leave the Northeast office off 35 & 410 (San Antonio Men’s Club) intact and it would therefore serve as a control center.
Contingency Plan Is intended to provide a framework for constructing plans to ensure the safety of employees and the resumption of time-sensitive operations and services in the event of an emergency (fire, power or communications blackout, tornado, hurricane, flood, earthquake, civil disturbance, etc.)
Purpose
The purpose of this plan is to enable the sustained execution of mission critical processes and information technology systems for Perfect-10 in the event of an extraordinary event that causes these systems to fail minimum production requirements. The Perfect-10 Contingency Plan will assess the needs and requirements so that Perfect-10 may be prepared to respond to the event in order to efficiently regain operation of the systems that are made inoperable from the event.
Scope
Insert information on the specific systems, locations, Facility divisions, technical boundaries and physical boundaries of the Perfect-10 Contingency Plan.

Plan Information The Contingency Plan contains information in two parts related to the frequency of updates required. The first part contains the plan’s static information. The second part contains the plan’s dynamic information. This dynamic information is viewed as the action plan. The action plan should be considered a living document and will always require continuing review and modification in order to keep up with the changing Perfect-10 environment. It is The static information part of the Contingency Plan is contained in a MS-Word file and printed as part of this document. This static information should be read and understood by all employees, users, and administrators of the Perfect-10 or at least by those individuals who are involved in any phase of business response, resumption, recovery, or restoration. The dynamic information resides in the database of the DTMX01 and will be printed as output for the appendixes of this document. By using the database, dynamic information that is vital to the survival of the Perfect-10 will be easy to manage and update. The web-enabled database is designed for maintenance of personnel contact lists, emergency procedures, and technical components. For ease of use and reference, the static and dynamic information is maintained separately. While it is necessary to be familiar with the static information during resumption, it should not be necessary to read that information at the time of the event. The completed action plan of dynamic information provides all of the necessary lists, tasks, and reports used for response, resumption, or recovery. The primary focus of a contingency plan revolves around the protection of the two most important assets of any organization: personnel and data. All facets of a contingency plan should address the protection and safety of personnel and the protection and recovery of data. The primary objective of this plan is to establish policies and procedures to be used for information systems in the event of a contingency to protect and ensure functioning of those assets. This includes establishing an operational capability to process pre-designated critical applications, recovering data from off-site backup data sets, and restoring the affected systems to normal operational status.
Organization
In the event of a disaster or other circumstances which bring about the need for contingency operations, the normal organization Perfect-10 will shift into that of the contingency organization. The focus of Perfect-10 DTMX01 will shift from the current structure and function of “business as usual” to the structure and function of Perfect-10 DTMX01 working towards the resumption of time-sensitive business operations. In this plan, the Perfect-10 DTMX01 contingency organization will operate through phases of response, resumption, recovery, and restoration. Each phase involves exercising procedures of the Perfect-10 DTMX01 Contingency Plan and the teams executing those plans. The teams associated with the plan represent functions of a department or support functions developed to respond, resume, recover, or restore operations or facilities of the Perfect-10 DTMX01 and its affected systems. Each of the teams is comprised of individuals with specific responsibilities or tasks, which must be completed to fully execute the plan. Primary and alternate team leaders, who are responsible to the plan owner, lead each team.
RA OBJECTIVE One of the first steps of implementing the Contingency Program for Perfect-10 is to conduct a Risk Assessment (RA). This will help Perfect-10 to identify the current risks and threats to help implement, eliminate, or reduce potential risks. Once completed, the RA Project team will analyze the data and create prioritized risk reduction (mitigation) strategies to present to senior management.
Preventative Measures The following list contains examples of preventative measures that can be implemented by Perfect-10 to mitigate the potential risks that currently exist. Some of these activities may be achievable easily, as to where some may take more time and more resources.

Natural Risks These risks are usually associated with weather related events: flooding, high winds, severe storms, tornado, hurricane, fire, high winds, snow storms, and ice storms.
Risk / Threat Preventative Measures
Earthquakes • Move large and heavy objects to the fall to prevent injury (from falling on people.)
• Equipment tie-downs are used on all critical computer equipment.
• Emergency power is available on-site.
• Earthquake construction guidelines have been adhered to so that damage can be minimized.
• Critical data and vital records should be backed up and sent offsite for storage.
• Staff should be trained in Earthquake evacuations and safety.

Man-Made Risks
These risks are usually associated with man-made type of events: Bomb threats, vandalism, terrorism, civil disorder, sabotage, hazardous waste, work stoppage (internal/external), and computer crime.
Risk / Threat Preventative Measures
Staff Productivity Risks • Alternate sources of trained employees have been identified
• Proper training and necessary cross-training is conducted
• Files are backed up and procedures are documented
• The work areas are comfortable and safe

Environmental Risks
These risks are usually associated with exposures from surrounding facilities, businesses, government agencies, etc.
Risk / Threat Preventative Measures
Hazardous Materials Plant • There is a nightly backup of data processing electronic record and that backup is stored off-site
• The off-site backup facility is a sufficient distance away from this facility
• An alternate site has been identified for use in the event that this facility is unusable

Recovery Procedures
1. Contact Centurion personnel, review shipping options and make necessary arrangements for both communications equipment from securing and supplies to Centurion.
2. Retrieve tapes and supplies from off-site storage is required
3. Make travel arrangements for any of the operations staff going to Centurion.
4. Hand carry critical supplies, require databases, and software to Centurion
5. Centurion has the appropriate communications equipment already on site to establish a VPN with our disaster recovery router.

Contingency center
Centurion Disaster Recovery Center: 1-800-299-4411 Centurion Disaster Recovery supports core and complementary solutions with production-proven disaster recovery services. The process begins with planning all aspects required for full data recovery. Strategically located, regional hot sites are fully equipped with the technology platforms and redundancies necessary to mirror diverse financial institutions’ operational infrastructures and recreate unique business environments. Each hot site is staffed by industry and technical experts with proven working knowledge of software and hardware platforms, and financial institution operations. These multitier services will support all key business activities including information and item/image processing, safeguard financial institutions against disasters, minimize the potential business interruptions and the inherent risks, and ensure compliance with the related regulatory requirements.
What It Does
• Provides production-proven disaster recovery systems for core processing solutions and complementary products.
• Provides fully equipped regional hot sites that can recreate financial institution-specific business environments.
• Supports all key business activities, including information and item/image processing.
• Provides access to industry and technical experts with working knowledge of software solutions, core and peripheral hardware platforms, and financial institution operations.
• Provides mobile units as alternatives to temporarily relocating operations to a regional disaster recovery center.
• Facilitates annual testing and updates of financial institution-specific business recovery plans.
Location:
1021 Central Expressway South Allen, TX 75013

Damage Assessment Team The Damage Assessment Team is a technical group responsible for assessing damage to Perfect-10 DTMX01 and its components. It is composed of personnel with a thorough understanding of hardware and equipment and the authority to make decisions regarding the procurement and disposition of hardware and other assets. This team is primarily responsible for initial damage assessment, accounting of damage assessment, loss minimization, salvage and procurement of necessary replacement equipment and interfaces. This team should include vendor representatives. The Damage Assessment Team will enter the facility as soon as they have received permission to do so from emergency services. A written detailed account should be made of the general status of the work area, with specific attention to the condition of hardware, software, furnishings, and fixtures. Recommendations should be made that all damaged equipment, media, and documentation be routed immediately to disaster recovery and restoration experts for a determination as to its ability to be salvaged or restored. Team overview Teams play a vital role in recovering from any disaster. Organizing and monitoring the team is one of the most important aspects of a recovery plan. These teams are directly responsible for implementing the recovery of the or plan and organizing employees to facilitate a rapid recovery. Team leaders will be responsible for improving the original plan and reviewing it on an basis. When organizing teams, it is important to evaluate all potential members. Evaluation criteria included the distance to and from work, the overall knowledge of the task, the amount of time spent out of town, personal commitments such as part time jobs or young children, and leadership qualities. Above all, team members must be assessable and ready to be respond should the need arise. Alternate leaders are appointed to act as team leader, should the team leader be unable to fulfill the commitments of the duty. Each team should have enough members to complete all responsibilities assigned to the team. Team leaders may adjust responsibilities if conditions warrant, such that the overall objective of recovering mission critical functions is achieved.
Executive management team
Team leaders: Hue Hefner (Owner)
Alternate team leader: Pamela Anderson
Member: John Muro
Responsibilities:
1. Verify the extent of the disaster
2. Keep all team leader updated on recovery status
3. Make decisions on plan activation and level
4. Delegate, monitor and supervise all other team leaders.
5. Notify board members and maintain communication with them.
6. Notify insurance providers.
7. Provide funding for all aspects of the recovery effort as well as replacing lost assets.
8. Interface with authorities (police, fire, etc.)
9. Review alternate sites and formalize arrangements for relocation.
10. Activate control center and act as focal point for vendors and internal personnel.

Information systems team
Team leader: John Muro
Alternate team leader: Jonathon James (Hacker contracted Employee works from prison)
Member: Adrian Lamo (contracted Employee)
Responsibilities:
1. assess extent of disaster and level of recovery steps required
2. retrieved tapes and supplies from off-site storage
3. ship backup tapes to Hugh Hefner, Inc
4. locate, purchase and reconfigure replacement equipment
5. contact all mission-critical vendors affected, implement backup plans if necessary
6. keep all I.T. vendors informed of recovery needs and status
7. ensure their critical files are backed up and stored off-site
8. ensure reliable Internet is available
9. provide team support around the clock until systems are restored

Communications team
Team leaders: Walter, Cronkite
Alternate team leader: Dan Rather
1. Write copy for notification to the general public on the disaster situation and distribute through preapproved media channels (radio, television, websites, social media)
2. Ensure employees are kept updated on recovery status of operations, including when and where to report for work.

Similar Documents

Premium Essay

Agenda: Business Process for a Long Term Period

...implementing of new wearable technology in the present ongoing system * To create a concrete figure of our business in the market, updating the business with the new wearable technology will help it growing in long term run. * Using the information system technique can organize the work more simple and reliable to use. * The use of wearable technology with help in combining the solution for the problem in an organization of various factors. According to the research on various terms the productivity of variable things are to be made available. New technology play vital role in saving the time and money of an organization substantially carrying various task together. The age of quantified self has started with wearable technologies such as Jawbones, Fit bits etc. Many companies are using wearable technologies to keep track of their staff, improve their collaboration and efficiency. However, introducing such technology to a complex and sensitive system such as payroll management can put forward many challenges to the management and the organisation. Business Challenges with introducing new wearable technology to manage payroll information: Achieving Integrity and trust with employees: The biggest challenge in implementing wearable technology on the employees to manage payroll information is integrity. Everyone in the organisation would be struggling to be more successful and to make more profits to the business. If the new technology features give any......

Words: 1573 - Pages: 7

Premium Essay

Pirivacy Issues

...Insights on IT risk February 2010 Top privacy issues for 2010 Information serves as an integral part of most business processes. Organizations cannot survive without information and the supporting systems, third parties and manual activities that collect, derive, process, store and make available the information. Organizations rely on information and, therefore, are at risk when the information is degraded. In addition, information often imposes obligations to the organization, whether because a law or regulation requires it, or fiduciary duty demands it. Enterprise governance, risk and compliance (GRC) represents the actions that an organization takes to achieve its performance objectives and manage risk. This includes information risk and the organization’s obligations over the information it owns, produces, uses and makes available to others. Organizations use different kinds of information — financial, business, intellectual property, etc. — each with its own unique governance, risk and compliance considerations. Personal information is one such information category, and in this publication we take a closer look at the specifics of personal information and privacy risk. Insights on IT risk — February 2010 1 Introduction to privacy risk management and compliance This document introduces the related topics of privacy risk management and compliance, describes how they must be addressed integrally to be effectively managed, discusses how effective......

Words: 6110 - Pages: 25

Premium Essay

It Risk Management

...Information Technology Risk Management Risk management is the continuing method to recognize, examine, appraise, and treat loss exposures and monitor risk control and financial resources to diminish the adverse effects of loss (Marquette). Every company has a goal. In this internet age, as companies use computerized information technology systems to manage their data for better support of their goals, risk management plays a crucial role in defending a company’s information technology‘s resources and its goals from information technology’s risk. A successful risk management method is an important component of an effective information technology security program. The primary goal of a companies risk management method should be to protect the company and its ability to accomplish their task, not just its information technology’s assets. Therefore, the risk management method should not be treated primarily as a technical function carried out by the information technology professionals who control and administer the information technology system, but as a necessary management function of the company (Stonebrner). Risk management is the method that allows information technology supervisors to assess the operational and economic expenses of protective measures and achieve gains in operational capability by keeping the information technology systems and records that support their company’s goals. This method is not unique to the information technology environment; indeed......

Words: 1274 - Pages: 6

Premium Essay

Riordan

...Risk Management – Kentucky Farm Bureau Insurance Christopher Peer CMGT/582 – Security and Ethics John Harvey Overview Kentucky Farm Bureau Insurance is challenged to align security with business requirements. Business operational and financial integrity alongside compliance mandate that adequate and appropriate policy, operational and technical controls are in place to protect the organization and its information assets. To validate that its security and risk management program is effectively managed to business requirements, KFB relies on an effective risk assessment program to evaluate information security, set priorities, identify weaknesses and shortcomings in current processes, and define changes to improve the overall effectiveness of the security program. KFB frequently compares their information security program to others in the same industry sector to provide appropriate guidance on strengths and deficiencies in the program so they can maintain an appropriate level of information security for their business. The Assessment Approach The Kentucky Farm Bureau risk assessment program is based on industry best practices in the areas of information security and risk management. These practices are first introduced to key management and security personnel to develop proper methods for improving the information security program. The assessment starts with the data gathering phase to collect data that will be used to adapt the assessment data model to the KFB......

Words: 2717 - Pages: 11

Premium Essay

Research

...Wetzbarger – Group Lead / PM Marlowe Jones – Deputy Lead / PM & Research Coronda Wilson - Complier Sudharma Thikkavarapu - Researcher Latoria Wilson - Researcher The scope of the project. http://www.tutorialspoint.com/management_concepts/project_scope_definition.htm http://searchcio.techtarget.com/definition/project-scope Should we have a scope statement, vice a scope in terms of time & money? Thoughts? The estimated cost. SWAG @ $100,000 The schedule, including the major milestones and a timeline. 6 Week schedule: Timeline & Milestones: Week 1: Complete and Deliver Project Charter Week 2: Complete and Deliver Project Risk Management Plan Week 4: Compete and Deliver Business Case Week 6: Complete and Deliver Business Case Presentation How the team will apply controls to manage the scope, cost, and schedule variables, including examples of control charts and...

Words: 832 - Pages: 4

Premium Essay

Agricultural Lending

...INTRODUCTION In many developing countries, risk management techniques are underdeveloped or insufficient for institutions to efficiently lend to activities in the agricultural sector. Information on borrowers’ credit histories is rarely available, resulting in information asymmetries that make accurate credit risk assessment difficult. In addition, while agricultural client’s major assets are production and land, it is often difficult for banks to use these as collateral, and particularly difficult to foreclose on land in case of default. Compounding this lack of traditional collateral is the presence of a high degree of covariate risk, in particular market price risk and weather risk. Banks lending to agricultural clients know that agricultural and rural revenues easily drop below break-even levels due to extreme weather events and price falls, which result in defaults and higher loan loss provisions, thereby making lending to agribusiness unprofitable. The second major constraint in agricultural lending, high transaction and supervisory costs, is due to the particular risk, nature, and characteristics of the rural sector. In all financial markets, there is a trade-of between minimizing loan default and supervisory costs, but the nature of agricultural lending, especially through microfinance institutions, makes transaction costs and supervision costs disproportionately high relative to its urban counterpart. The small size of seasonal agricultural credit results in high...

Words: 6593 - Pages: 27

Premium Essay

Is Professionals

...Introduction Information technology implementation is the basic requirement of emprises now days. Information security (IS) is important to secure this system and ensures the balance in information risk and information control. “Principles of Information Security, 4th Edition” is the book which provides balance information about information security in modern enterprises, risk management, security technology and Information security professionals with their roles in managing risk in information security (Whitman & Mattord, 2011). The study of this book makes us capable to evaluate the top five IS professionals and their respective roles in information security. Top Five IS Professionals and Their Roles and Responsibilities In top five IS professionals Chief Information Officer (CIO). CIO is the leading IS professional as he led other on the way to adopt the strategies to mitigate Information risks in order to manage the information system of the company. The main responsibility of CIO is to guide the chief executive officers and president of the company in information management matters and advise them in order to take effective decisions to implement information security system (Siponen, 2000). The leading position and decision making power of CIO make it capable to take important information management decisions. This is the major reason to rank him as the fist important IS professional. Chief Information Security Officer (CISO) is the second most important IS......

Words: 587 - Pages: 3

Free Essay

Credentials

...Best Practices in Records Management & Regulatory Compliance Andy Moore . . . . . . . . . . . . . . . . . . . . . . . . . .2 Cheryl McKinnon, Hummingbird Ltd. . . . . . . . . . . .4 Records Management: Beyond the Quick Fix There’s a movie playing at my multiplex that warns against placing blind trust in technology, because it’ll getcha in the end. I haven’t seen it yet …” The RM Challenge of Electronic Communications The world of a typical knowledge worker is changing once again. Over the last two decades the technology revolution has broadened access to authoring tools, e-mail and other forms of electronic communication … TOWER Software North America . . . . . . . . . . . . . .6 Randolph Kahn, Esq. & . . . . . . . . . . . . . . . . . . . . . . . . . .8 Barclay T. Blair, Kahn Consulting E-Mail Management: Avoiding the 6 Common Mistakes Information management has become a vital focus for all organizations to address risk mitigation, compliance and overall business continuity … Records Management Redefined: From The Backroom to the Boardroom What is Records Management? Records management is the application of policies, practices, technologies and other management controls … Del Zane and Dean Berg, Stellent . . . . . . . . . . . . .10 Turning Compliance Projects into Business Processes In the not-too-distant past, compliance initiatives often were characterized by back-office operations that involved large volumes of records … Michael McLaughlin, Exact Software . . . . . ....

Words: 22562 - Pages: 91

Premium Essay

Network Security Policy

...Effective Network Management Jonathan Gana KOLO, Umar Suleiman DAUDA Department of Electrical and Computer Engineering, Federal University of Technology, Minna, Nigeria. jgkolo@gmail.com, usdauda@gmail.com Abstract Network security and management in Information and Communication Technology (ICT) is the ability to maintain the integrity of a system or network, its data and its immediate environment. The various innovations and uses to which networks are being put are growing by the day and hence are becoming complex and invariably more difficult to manage by the day. Computers are found in every business such as banking, insurance, hospital, education, manufacturing, etc. The widespread use of these systems implies crime and insecurity on a global scale. In addition, the tremendous benefits brought about by Internet have also widened the scope of crime and insecurity at an alarming rate. Also, ICT has fast become a primary differentiator for institution/organization leaders as it offers effective and convenient means of interaction with each other across the globe. This upsurge in the population of organizations depending on ICT for business transaction has brought with it a growing number of security threats and attacks on poorly managed and secured networks primarily to steal personal data, particularly financial information and password. This paper therefore proposes some policies and guidelines that should be followed by network administrators in organizations to......

Words: 3892 - Pages: 16

Premium Essay

It Systems Technician

...Framework Control Objectives Management Guidelines Maturity Models COBIT 4.1 The IT Governance Institute® The IT Governance Institute (ITGITM) (www.itgi.org) was established in 1998 to advance international thinking and standards in directing and controlling an enterprise’s information technology. Effective IT governance helps ensure that IT supports business goals, optimises business investment in IT, and appropriately manages IT-related risks and opportunities. ITGI offers original research, electronic resources and case studies to assist enterprise leaders and boards of directors in their IT governance responsibilities. Disclaimer ITGI (the “Owner”) has designed and created this publication, titled COBIT® 4.1 (the “Work”), primarily as an educational resource for chief information officers (CIOs), senior management, IT management and control professionals. The Owner makes no claim that use of any of the Work will assure a successful outcome. The Work should not be considered inclusive of any proper information, procedures and tests or exclusive of other information, procedures and tests that are reasonably directed to obtaining the same results. In determining the propriety of any specific information, procedure or test, CIOs, senior management, IT management and control professionals should apply their own professional judgement to the specific circumstances presented by the particular systems or IT environment. Disclosure Copyright © 2007 by the IT Governance......

Words: 85189 - Pages: 341

Premium Essay

Risk Management

...Introduction of Risk Management Risk management is a culture which involved of the cooperation of all individual in the organization or group. The main achievement of risk management is not to discuss how the risk can be managed or prepare, but, more important, is to understand why the risks need to be managed and why it is so important. There are many techniques, tools, guidelines or processes to assist risk managers to manage risks. However, the main job of a risk manager and most efficient way to manage risk is to educate, to influence teammates in the organization to understand the definition, meaning and background of risk and how risk can change their company, their career and even their own life. Nowadays, companies do not deal with just one or two risks but a range of risks. The most common risks are related to internet network systems and IT security, activities of the competition, customer services, and law and contract issues. Risk management is important for many different kinds of development, production and many other enterprising projects because there is always information like key project cost, performance and schedule attributes which are unknown or fluctuate during the project. Risks that can be recognized in the early stage of the project which would potentially affect the project can be eliminated or minimized with a good risk management process. However, for those unexpected events that are unforeseen by the project team or organization, an......

Words: 2483 - Pages: 10

Free Essay

Jdk Installation

...LESSON 1 INFORMATION SYSTEMS MANAGEMENT Aims and outcomes Aims The aim of this session is to introduce and re-affirm your basic understanding of data, information and information systems. The discussions will lead you to develop an understanding of the concept of an organisation as a system. Further, you will examine the flows of decision-making and the sources of data used to make those decisions. Finally, we will consider the types of IS/IT required to support organisations at three different levels of decision-making - operational, tactical and strategic. This session provides the foundation for the remainder of the sessions. Learning Outcomes By the end of this lesson you will: • • • • Understand the use of data and decision-making at the different levels of a conceptual organisation. Understand the concepts of systems thinking to support business operations. Familiarize yourself with the vocabulary of strategy. Understand the importance of IT/IS as a strategic tool. Required Reading Chapter One – Foundations of Information Systems in Business Read through Chapter One Section 1 of the text book Read the Real World case study 2 – Lufthansa: Taking Mobile Computing to the Skies While Keeping the Mobile Workforce Connected. Student Activity Answer the questions at the end of the case study Post your answers onto the discussion board. Background Reading • • Here is the web address for a series of articles addressing knowledge and information management:......

Words: 2904 - Pages: 12

Premium Essay

It Risk Management

...MIT Sloan School of Management MIT Sloan School Working Paper 4933-11 Developing a Common Language About IT Risk Management George Westerman and Richard Hunter ©George Westerman and Richard Hunter All rights reserved. Short sections of text, not to exceed two paragraphs, may be quoted without explicit permission, provided that full credit including © notice is given to the source. This paper also can be downloaded without charge from the Social Science Research Network Electronic Paper Collection: http://ssrn.com/abstract=1979796 Electronic copy available at: http://ssrn.com/abstract=1979796 CENTER FOR Massachusetts INFORMATION Institute of SYSTEMS Technology RESEARCH Sloan School Cambridge of Management Massachusetts Developing a Common Language About IT Risk Management George Westerman and Richard Hunter June 2009 CISR WP No. 377 A version of this paper will be published as “Developing a Common Language About IT Risk,” IESE Insight, Issue 1, Second Quarter 2009: 21–27. © 2009 Massachusetts Institute of Technology. All rights reserved. Research Article: a completed research article drawing on one or more CISR research projects that presents management frameworks, findings and recommendations. Research Summary: a summary of a research project with preliminary findings. Research Briefings: a collection of short executive......

Words: 5211 - Pages: 21

Premium Essay

Cobit 4.1

...Control Objectives Management Guidelines Maturity Models COBIT 4.1 The IT Governance Institute® The IT Governance Institute (ITGITM) (www.itgi.org) was established in 1998 to advance international thinking and standards in directing and controlling an enterprise’s information technology. Effective IT governance helps ensure that IT supports business goals, optimises business investment in IT, and appropriately manages IT-related risks and opportunities. ITGI offers original research, electronic resources and case studies to assist enterprise leaders and boards of directors in their IT governance responsibilities. Disclaimer ITGI (the “Owner”) has designed and created this publication, titled COBIT® 4.1 (the “Work”), primarily as an educational resource for chief information officers (CIOs), senior management, IT management and control professionals. The Owner makes no claim that use of any of the Work will assure a successful outcome. The Work should not be considered inclusive of any proper information, procedures and tests or exclusive of other information, procedures and tests that are reasonably directed to obtaining the same results. In determining the propriety of any specific information, procedure or test, CIOs, senior management, IT management and control professionals should apply their own professional judgement to the specific circumstances presented by the particular systems or IT environment. Disclosure Copyright © 2007 by the IT Governance......

Words: 84132 - Pages: 337

Premium Essay

Advanced Corporate Finance

...Advanced Corporate Finance [FN2] Examination Blueprint 2013/2014 Purpose The Advanced Corporate Finance [FN2] examination has been constructed using an examination blueprint. The blueprint, also referred to as the test specifications, outlines the content areas covered on the examination and the weighting allotted to each content area. This document also lists the topics, the level of competence for each topic, and the related learning objectives and competencies. The learning objectives have been designed to ensure that the competencies are met. In addition, information is provided on the proportion of each question type presented in the examination (that is, multiple choice, quantitative problems, and so on). Use Candidates should use the examination blueprint to prepare for the course examination. The blueprint may not include all the topics listed in the course materials; however, candidates are still responsible for acquiring a broad-based knowledge of all topics not listed in the blueprint since these topics will be tested in assignment and review questions. The topics not listed in the blueprint will also provide candidates with a greater depth of understanding of finance concepts. Examination Objectives The objective of the 4-hour comprehensive examination is to test CGA candidates on the prerequisite knowledge required for advancement into PA1 and PA2, so as to ensure that the candidates have the broad-based knowledge in finance needed to function properly in the......

Words: 4207 - Pages: 17