IT Examiner School eBook
Risk Monitoring & Reporting
• A risk response is designed and implemented based on a risk assessment that was conducted at a single point in time.
• Because of the changing nature of risk and associated controls, ongoing monitoring is an essential step of the risk management life cycle.
• Controls can become less effective over time.
• The operational environment may have changed, and new threats may have emerged.
Risk Monitoring & Reporting: Key Risk Indicators (KRIs)
• Provide early warning
• Provide a backward-looking view of risk events
• Enable documentation and analysis of trends
• Provide an indication of risk appetite and tolerance
• Align controls with business objectives
• Demonstrate governance and oversight
• Examples of KRIs:
• Network latency reports
• Frequency or volume of locked accounts
• Number of blocked IP addresses on an IPS or firewall
• Number of trouble/incident tickets
• Out-of-date virus signatures or unpatched systems
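The following is an added illustration, not part of the eBook, of how the KRIs listed above can be turned into early-warning and trend signals: each indicator is compared against amber/red tolerance thresholds and against its recent baseline. All indicator values and thresholds are constructed sample data, not figures from any institution.

```python
from dataclasses import dataclass
from statistics import mean

# Constructed sample: weekly observations per KRI, oldest first, most recent last.
OBSERVATIONS = {
    "locked_accounts_per_week": [12, 14, 13, 31],
    "blocked_ips_on_ips_per_day": [400, 420, 410, 415],
    "open_incident_tickets": [8, 9, 15, 22],
    "unpatched_systems_pct": [3.0, 3.5, 4.0, 9.5],
}

# Assumed tolerance thresholds: (amber, red). Red means risk appetite is exceeded.
THRESHOLDS = {
    "locked_accounts_per_week": (20, 30),
    "blocked_ips_on_ips_per_day": (600, 1000),
    "open_incident_tickets": (15, 25),
    "unpatched_systems_pct": (5.0, 10.0),
}


@dataclass
class KriStatus:
    name: str
    current: float
    level: str   # "green", "amber" or "red" against tolerance
    trend: str   # "rising", "stable" or "falling" against the recent baseline


def rate(name, values, thresholds, trend_pct=0.25):
    """Rate one KRI: threshold level (tolerance) plus trend versus prior periods."""
    current = values[-1]
    baseline = mean(values[:-1]) if len(values) > 1 else current
    amber, red = thresholds
    level = "red" if current >= red else "amber" if current >= amber else "green"
    # Relative change from the baseline; a zero baseline counts any increase as rising.
    change = (current - baseline) / baseline if baseline else (1.0 if current else 0.0)
    trend = "rising" if change > trend_pct else "falling" if change < -trend_pct else "stable"
    return KriStatus(name, current, level, trend)


def evaluate(observations=OBSERVATIONS, thresholds=THRESHOLDS):
    return {n: rate(n, v, thresholds[n]) for n, v in observations.items()}


def early_warnings(statuses):
    """KRIs needing attention: outside green tolerance or trending upward."""
    return sorted(s.name for s in statuses.values() if s.level != "green" or s.trend == "rising")


if __name__ == "__main__":
    for s in evaluate().values():
        print(f"{s.name:28} {s.current:>7} {s.level:5} {s.trend}")
```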