Sunday Mar 9, 2014
|New Control and Risk Calculator Reduces Guesswork in IT Investments|
Free analyst tool helps IT and compliance managers assess and prioritize compliance and control efforts around information protection, integrity, and availability.
It's no secret that tough economies shift corporate focus towards risk-based budgeting. Regulatory pressures and corporate responsibilities persist, even when budgets are tight. Managers must hone in on technology investments that keep the business on course and reduce the risk of undue financial loss.
A new Control & Risk Calculator offered by the Truth to Power (T2P) research community supports managerial objectives for more risk-intelligent IT investments. Incorporating principles from ISO 27001, CobiT, NIST 800-53, and other popular IT governance standards, the tool helps managers assess internal control and impact factors that shape IT investment priorities.
"IT investment decisions should reflect the service orientation of IT operations," says Cass Brewer, founder of the T2P research community. "That means evaluating information processes and controls, not just technologies. Unfortunately, conventional IT risk calculations are based on equipment costs—'if a virus takes a machine offline, what's the cost of replacement?' That just doesn't cut it. T2P designed the Control & Risk Calculator to give managers a more complete and balanced picture of where their real service and compliance priorities lie."
Based on user answers to a simple questionnaire, the free Calculator analyzes control effectiveness, residual risk, and actual risk-vs.-risk tolerance. The ultimate output is a risk-based action recommendation for each of the user's indicated controls.
In addition to generally supporting better information governance decisions, the Calculator is designed to promote compliance with the PCI Data Security Standard, HIPAA privacy and security requirements, DHS Cybersecurity rules, SOX information integrity implications, global privacy laws, and other information-intensive mandates. Managers can use the tool to:
• Record and track existing information controls
• Assess the effectiveness of controls against recognized risk
• Reveal gaps in compliance and information governance
• Evaluate the impact of operational and environmental changes on control effectiveness
The Control & Risk Calculator is available for free online at http://www.t2pa.com/crc.
--- About Truth to Power, LLC.
Founded on the principles of knowledge, utility, credibility, and community, Truth to Power, LLC provides critical information resources for humans and machines. T2P's guiding principles are: 1) To provide genuinely useful, unbiased business research and resources that help businesses reduce operational costs and uncover capital opportunities; 2) To reveal alignment between siloed business disciplines, organizations, frameworks, and practices; and 3) to enable and encourage community members to share practical experience and expertise towards a common good. Membership and resources are free. Be a part of Truth to Power at http://www.t2pa.com/.