IA OM as an Enterprise Risk Management Metric
نویسندگان
چکیده
Ting and Comings [1] described how to use the Information Assurance (IA) Object Measurement (OM®) metric as a tool to measure the monitoring step (Step 6) described in the United States (U.S.) National Institute of Standards and Technology’s (NIST) Risk Management Framework (RMF)1 [2]. This chapter expands the applicability of the IA OM® metric and shows how it may be used as an enterprise-wide information security risk management metric.
منابع مشابه
Reputation Risk Management in the Framework of Enterprise Risk Management: Evidences from an Active Financial Institution in the Capital Market of Iran
Reputation risk as one of the most important risks in any competitive industry and market should be considered before all the risks of the enterprise which also affects other risks. This research aims to review and manage reputation risk in the framework of enterprise risk management. Considering the importance of the subject and lack of available studies in this field, the innovation of presen...
متن کاملEnterprise-Wide Risk Management (EWRM) as a Value Added Tool in Enhancing the Economic Value of Business Enterprises
In recent years, Risk Management in respect of Enterprise-Wide Risk Management (EWRM) has become more important and highly critical to major corporations worldwide including Malaysia. In fact, it is interesting to note that when the Government of Malaysia passed the Code of Corporate Governance in the year 2000, most of the Public Limited Companies (PLCs) in Malaysia was struggling to implement...
متن کاملTowards Measuring the Project Management Process During Large Scale Software System Implementation Phase
Project management is an important factor to accomplish the decision to implement large-scale software systems (LSS) in a successful manner. The effective project management comes into play to plan, coordinate and control such a complex project. Project management factor has been argued as one of the important Critical Success Factor (CSF), which need to be measured and monitored carefully duri...
متن کاملEnterprise Risk Management and Performance of Financial Institutions in Iraq: The Mediating Effect of Information Technology Quality
Enterprise risk management represents a process of assessing exposure to risks in an institution. It is a systematic mechanism and a comprehensive tool for predicting events, including unexpected events, and their impacts. This paper is a conceptual study. It aims at designing a model for testing the mediation effect of information technology (IT) quality on the relationship between the enterpr...
متن کاملA risk-metric framework for enterprise risk management
A risk-metric framework that supports Enterprise Risk Management is described. At the heart of the framework is the notion of a risk profile that provides risk measurement for risk elements. By providing a generic template in which metrics can be codified in terms of metric space operators, risk profiles can be used to construct a variety of risk measures for different business contexts. These ...
متن کامل