Speed is vital to assess and manage swiftly changing risks and meet regulatory demands. A matrix-based approach can offer a faster route than traditional, bottom-up methods.
Opinion
IT risk management is no longer an optional extra for business. Unforgiving new regulations, including Sarbanes-Oxley and Basel 2, demand that responsible corporate governance be built on effective controls - and risk assessment is fundamental to controls assurance.
This raises a dilemma for chief information officers. Until now almost all IT risk management methodologies, such as Cramm, Sprint and Octave, have been highly structured, and even the light versions are extremely complex and time-consuming.
Rather than providing prompt answers to critical business security questions, they are geared towards ongoing assessment and management of broad-spectrum business risks.
Some of these programmes take many man-months, even years, to complete. Over that length of time and effort, a change in the organisation is not unusual, and as a result the programme may be abandoned. Consequently many organisations, possibly with the exception of financial services and...