IT Risk Management is essential

Visual Tool Ensures Regulatory Compliance and Effective Implementation of Corporate Risk Management Requirements

ENISA develops graphical framework illustrating the integration of Risk Management/Risk Assessment into corporate operational processes

ENISA has produced the first detailed, fully searchable visualisation and overview of process models which demonstrate the interrelations between corporate risk management and operational processes. The aim is to provide clear guidance to large and medium-sized businesses on the execution and integration of IT risk management. This tool will reduce risks and improve the quality of global and local risk management/operational IT processes. Finally, this tool can lead to better compliance with corporate risk management regulations.

Corporate information technology (IT) risk management is frequently implemented in isolation and with little regard to operational risks. This lack of operational context nullifies the central objective of risk management and renders it largely ineffective. The result can have a vast negative impact on business processes.

Represented through a visually rich, prototypical tool (ADOit) and set out in a report, ENISA’s process models include a comprehensive overview of activities, input/output information flows and roles. They cover the interaction between IT risk management and standard operational processes, for example IT operations (based on ITIL) or application development (based on the Rational Unified Process, RUP). The Agency’s framework includes guidelines on how to manage operational risks according to a corporate risk strategy.

Risk management and risk assessment are fundamental processes for the establishment of security in any organization. However, the effectiveness thereof depends on the level and quality of risk management integration with key operational business processes.

The Agency's expert, Dr Marinos, explained the benefits of the work:

“Companies can further adapt or refine the material, use it to conduct a GAP analysis of and compliance with operational processes, or employ it for training purposes. As such, it is a foundation for ways to successfully introduce risk management and assessment into organisations. This will reduce the potential impact of operational incidents which may cause severe damage to the organisation.”

Next steps

This report is the first step in a corporate governance framework that ENISA will soon announce. ENISA’s report and accompanying framework are aimed mainly at IT security, risk management and IT governance professionals.

For further information visit: