CERRIX AND

IT RISK MANAGEMENT

The complexity of IT infrastructures (applications, web-components, hardware, firmware etc) and its key role in today’s business operations, makes IT an important source of operational risk. This was also proven in the recent QIS studies executed by BIS (www.bis.org). CERRIX has interesting features that cope with IT risk management.

COBIT 4.1 support: The COBIT 4.1 framework supports IT managers to evaluate the maturity of its IT processes and brings guidelines on the management of IT processes. CERRIX makes it possible to evaluate the IT processes with COBIT and IT process controls. This permits IT managers to investigate potential control gaps in comparison with best practice like COBIT.

ISO 27002 support: The business its own Information security policies and controls can easily be evaluated with the ISO27002 policies and controls.

IT Risk Universe: In CERRIX, IT managers can map the IT building blocks in CERRIX and model its own risk universe. Typically, this universe consists of elements like business applications, data elements, ICT infra components and projects. Risks and Controls can be linked which will result in a powerful tool for total risk management.