Toward Integrated Enterprise Risk Management, Model Risk Management & Cyber-Finance Risk Management: Bridging Networks, Systems and Controls Frameworks

Malhotra, Yogesh

doi:10.2139/ssrn.2792629

Download This Paper

Open PDF in Browser

Add Paper to My Library

Toward Integrated Enterprise Risk Management, Model Risk Management & Cyber-Finance Risk Management: Bridging Networks, Systems and Controls Frameworks

Presented at: 2015 NY Cyber Security & Engineering Technology Association Conference, Oct. 22, 2015, Rochester Institute of Technology, Rosica Hall, NTID, Rochester, New York

85 Pages Posted: 11 Jun 2016 Last revised: 23 Jul 2017

See all articles by Yogesh Malhotra

Yogesh Malhotra

Amazon Web Services Partner; Global Risk Management Network, LLC

Date Written: October 22, 2015

Abstract

By adopting and integrating the 3 levels of specific frameworks discussed herein, a financial institution can develop, maintain, improve, and sustain its enterprise risk management and compliance frameworks.

The proposed risk management framework identifies 3 levels for bridging the gaps in industry frameworks of prudent risk management and information assurance. Context-sensitive adaptation can be enabled by integration across vulnerability analysis and penetration testing embedded within overall systems and networks controls framework and risk management frameworks.

Given the discussed contexts of risk management, controls, and compliance frameworks, compliance can benefit from adapting the proposed framework to institution’s specific needs. Integration across the 3 levels of vulnerability analysis and penetration testing embedded within overall systems and networks controls and overarching risk management frameworks can facilitate such context-sensitive adaptation.

From perspective of the ISACA framework, vulnerability assessment and penetration testing can be embedded within IT audit framework of assessment of adequacy of internal controls for effective risk management and compliance.

Related Accepted Conference Paper: Bridging Networks, Systems and Controls Frameworks for Cybersecurity Curricula & Standards Development, 2015 NY Cyber Security & Engineering Technology Association Conference, Oct. 22, 2015 Rochester Institute of Technology, Rosica Hall, NTID, Rochester, New York (http://ssrn.com/abstract=2792636).

Keywords: IT Cybersecurity and Risk Management Compliance & Controls, Enterprise Risk Management, Model Risk Management, Cyber Finance, Risk Management, Cybersecurity and Penetration Testing, Professional Standards of Practice, Networks Protocols and Network Analysis, Systems and Networks Infrastructure

Suggested Citation: Suggested Citation

Malhotra, Yogesh, Toward Integrated Enterprise Risk Management, Model Risk Management & Cyber-Finance Risk Management: Bridging Networks, Systems and Controls Frameworks (October 22, 2015). Presented at: 2015 NY Cyber Security & Engineering Technology Association Conference, Oct. 22, 2015, Rochester Institute of Technology, Rosica Hall, NTID, Rochester, New York, Available at SSRN: https://ssrn.com/abstract=2792629 or http://dx.doi.org/10.2139/ssrn.2792629