From the course: ISACA Certified Information Systems Auditor (CISA) Cert Prep


Enterprise risk management

- [Instructor] All right, let's talk a little bit about risk management throughout the enterprise. So we need a risk management framework to follow, and the one that I've picked out to look at is NIST 800-39. And this particular framework, or standard, if you will, discusses implementing security and risk management within or at the organizational, mission, and information system view. So ultimately, it addresses the three tiers of the organization. You have the needs of the organization as a whole. We're talking strategic goals so that we can satisfy those stakeholder needs. Then we have mission goals. You can think of those as project goals where we have individual projects that are designed to help us meet the goals and objectives of the business. And then, at the bottom, and that's for a reason, last, we look at the information system view. The information systems support the mission, the mission supports the organization. So NIST 800-39 lays out essentially the elements of the…
