Toward Integrated Enterprise Risk Management, Model Risk Management & Cyber-Finance Risk Management: Bridging Networks, Systems and Controls Frameworks
Presented at: 2015 NY Cyber Security & Engineering Technology Association Conference, Oct. 22, 2015, Rochester Institute of Technology, Rosica Hall, NTID, Rochester, New York
85 pages. Posted: 11 Jun 2016. Last revised: 23 Jul 2017.
Date Written: October 22, 2015
Abstract
By adopting and integrating the 3 levels of specific frameworks discussed herein, a financial institution can develop, maintain, improve, and sustain its enterprise risk management and compliance frameworks.
The proposed risk management framework identifies 3 levels for bridging the gaps in industry frameworks of prudent risk management and information assurance. Context-sensitive adaptation can be enabled by integration across vulnerability analysis and penetration testing embedded within the overall systems and networks controls framework and the risk management frameworks.
Given the discussed contexts of risk management, controls, and compliance frameworks, compliance can benefit from adapting the proposed framework to an institution's specific needs. Integration across the 3 levels of vulnerability analysis and penetration testing embedded within the overall systems and networks controls and overarching risk management frameworks can facilitate such context-sensitive adaptation.
From the perspective of the ISACA framework, vulnerability assessment and penetration testing can be embedded within the IT audit framework for assessing the adequacy of internal controls for effective risk management and compliance.
Related Accepted Conference Paper: Bridging Networks, Systems and Controls Frameworks for Cybersecurity Curricula & Standards Development, 2015 NY Cyber Security & Engineering Technology Association Conference, Oct. 22, 2015 Rochester Institute of Technology, Rosica Hall, NTID, Rochester, New York (http://ssrn.com/abstract=2792636).
Keywords: IT Cybersecurity and Risk Management Compliance & Controls, Enterprise Risk Management, Model Risk Management, Cyber Finance, Risk Management, Cybersecurity and Penetration Testing, Professional Standards of Practice, Networks Protocols and Network Analysis, Systems and Networks Infrastructure