This week we will be focusing our checklists on guides that will help you assess your risk management programs. We often like to say that risk management drives our audit programs and our information security programs, but how do we know our risk management programs work? I have seen some companies run asset inventories and call that a risk assessment. I’ve seen other companies run vulnerability scans of their systems and call that a risk assessment. What is a risk assessment, and how do I know if it meets my business needs? This week’s resources try to answer those questions and a little more.
We’ll post a summary again next week – or follow us live at @jamestarala and @isaudit! This week’s tweets are focused on risk management models for those of you trying to decide which model works best for you. We hope you enjoy them.
Risk Management Checklists & Security Guides
NIST 800-30 on Risk Assessment
Risk Assessment Resources from the University of GA
Truth 2 Power on Assessing Risk Management
Resources from the State of Ohio EPA
Resources from the State of DE
We hope everyone will enjoy and use these tools this week. If you have suggestions or ideas for future audit checklists or tools, please let us know; we’d love to hear your feedback.