ACC 662 Chapter Notes - Chapter 6: International Organization For Standardization, Information Security, Computer Security
Document Summary
An ISMS is an organizational internal control process that controls the special risks associated with information. An ISMS is part of ERM (ERM is the process by which management balances risks against opportunities). The information security management system life cycle has 4 phases. Various international standards are promulgated for information security: Internal Control - Integrated Framework, Enterprise Risk Management - Integrated Framework, and Guidance on Monitoring Internal Control Systems. Also important is Control Objectives for Information and Related Technology (COBIT), published by the Information Systems Audit and Control Association (ISACA) and the IT Governance Institute (ITGI). The information security system must be managed by a chief security officer (CSO), should be internal auditor, who should report directly to the board of. In the quantitative approach to risk assessment, each loss exposure is computed as the product of the cost of an individual loss times the likelihood of its occurrence.