PO09 Assess and manage IT risks

focuses on

development of a risk management framework that is integrated in business and operational risk management frameworks, risk assessment, risk mitigation and communication of residual risk

is controlled by

PO09.1 IT Risk Management Framework: Establish an IT risk management framework that is aligned to the organisation's (enterprise's) risk management framework.

PO09.2 Establishment of Risk Context: Establish the context in which the risk assessment framework is applied to ensure appropriate outcomes. This should include determining the internal and external context of each risk assessment, the goal of the assessment, and the criteria against which risks are evaluated.

PO09.3 Event Identification: Identify events (an important realistic threat that exploits a significant applicable vulnerability) with a potential negative impact on the goals or operations of the enterprise, including business, regulatory, legal, technology, trading partner, human resources and operational aspects. Determine the nature of the ...

PO09.4 Risk Assessment: Assess on a recurrent basis the likelihood and impact of all identified risks, using qualitative and quantitative methods. The likelihood and impact associated with inherent and residual risk should be determined individually, by category and on a portfolio basis.

PO09.5 Risk Response: Develop and maintain a risk response process designed to ensure that cost-effective controls mitigate exposure to risks on a continuing basis. The risk response process should identify risk strategies such as avoidance, reduction, sharing or acceptance; determine associated responsibilities; and consider risk ...

PO09.6 Maintenance and Monitoring of a Risk Action Plan: Prioritise and plan the control activities at all levels to implement the risk responses identified as necessary, including identification of costs, benefits and responsibility for execution. Obtain approval for recommended actions and acceptance of any residual risks, and ensure that committed actions ...

is part of

Plan and Organise (PO) covers strategy and tactics, and concerns the identification of the way IT can best contribute to the achievement of the business objectives.

The realisation of the strategic vision needs to be planned, communicated and managed for different perspectives.

A proper organisation as well as ...

can be mapped to

[06.6] Information security management Objective: To manage information security effectively within all service activities.

f) manage risks

Risk Management: the process responsible for identifying, assessing and controlling risks (source: ITIL V3 Glossary)

Note that this topic is published in chapter 9.5 but not in chapter 5, and is not considered an official ITIL process!

supports

Account for and protect all IT assets.

Establish clarity on the business impact of risks to IT objectives and resources.

Protect the achievement of IT objectives.


This is part of the Body of Service Knowledge of Continental Software GmbH, compiled from the best practices of the ITIL, CobiT and PMBOK frameworks, the ISO 20000 standard, and from our own experience.

© Continental Software GmbH; ITIL® and IT Infrastructure Library® are registered trademarks of the Office of Government Commerce (OGC). COBIT® is a registered trademark of the Information Systems Audit and Control Association (ISACA). ISO® is a registered trademark of the International Organization for Standardization. PMI and PMBOK are registered trademarks of the Project Management Institute, Inc. Other content, product or company names mentioned here may be the trademarks of their respective owners.