
Volume 2, 2019

This Week's Online-Exclusive Feature

Enterprise Risk Monitoring Methodology, Part 2

10 April 2019
Luigi Sbriz, CISM, CRISC, ISO/IEC 27001:2013 LA, ITIL v3, UNI 11697:2017 DPO

An enterprise risk monitoring process requires the involvement of all the internal processes in the organization, but from different perspectives, because the data are processed at different degrees of granularity. This is generally considered a complex and time-consuming effort in linear proportion to the size of the organization. The most obvious goal is to contain the costs of managing the risk-monitoring process while seeking high-quality outcomes, reducing the time, effort and complexity of the operation.

This methodological approach keeps the process simple and doable even in very large and complex organizations.




This Week's Featured Blog

Simplifying Enterprise Risk Analysis
8 April 2019
Luigi Sbriz, CISM, CRISC, ISO/IEC 27001:2013 LA, ITIL v3, UNI 11697:2017 DPO

How many enterprise risk analysis reports must an organization release? A few years ago, I faced this question in light of cost, time and complexity of the solution. My conclusion is that 1 is fine.

Cost is a consequence of the details I need, the number of people involved and their time. Complexity can come from the need for training sessions (and increased costs). A lot of time spent on refreshing basic information means it is updated less frequently, and the obsolescence will decrease the quality of the results.




What's New for Nonmembers

IS Audit Basics Articles

Auditing Cybersecurity

Assurance Considerations for Ongoing GDPR Conformance

Affect What Is Next Now

Auditing the IoT

Add Value to What Is Valued

Auditing Data Privacy


Full Journal Issues

Volume 2, 2018 Innovation Governance

Volume 1, 2018 The Future of Data Protection

Volume 6, 2017 Transforming Data

Volume 5, 2017 Enabling the Speed of Business

Volume 4, 2017 Mobile Workforce

Volume 3, 2017 The Internet of Things

Sponsored Feature Articles

Why Security Product Investments Are Not Working

Why Attackers Are Turning Their Attention Toward ERP Applications

Innovating Internal Audit to Unlock Value

Centralized, Model-Driven Visibility Key to IT-OT Security Management

The AICPA’s New Cybersecurity Attestation Reporting Framework Will Benefit a Variety of Key Stakeholders

Indicators of Exposure and Attack Surface Visualization