Selecting an IT Risk Management Framework for your Organization

Date: Thursday, June 12, 2014 | Time: 8 am Pacific | 11 am Eastern


A risk management framework provides the tools necessary to make decisions about investment in people, process, and technology to contain risk to an acceptable level.

Popular risk frameworks for IT include the NIST Risk Assessment Framework documented in NIST Special Publication 800-30, ISACA Risk IT (part of COBIT 5, Control Objectives for Information and Related Technology), ISO 27k, OCTAVE, FAIR, etc.

Choosing a framework to follow is a challenge in several organizations. There are many standards and factors to evaluate, including similarities to existing practices, costs, complexity, and supporting documentation.

Key points of focus include:

  • Why do you need a risk management framework?
  • Which framework is suited for your requirements?
  • Balancing qualitative and quantitative factors for risk assessments
  • Aligning your risk management program with business priorities
  • Best practices based on real world experience

Steve Blanding
Consultant and Former CIO and GRC Consultant
Satellite Tracking of People, LLC

Mr. Blanding is currently an independent IT management consultant. He has over 35 years of experience in executive IT leadership, IT governance, risk and compliance (GRC), systems auditing, quality assurance, information security, and business resumption planning for large corporations in the Big-4 professional services, financial services, manufacturing, retail electronics, and defense contract industries. He has extensive experience with industry best practices for adopting and implementing new technologies, IT service management frameworks, and GRC solutions that have dramatically improved customer satisfaction while reducing cost. Mr. Blanding earned a B.S. in Accounting from Virginia Tech and an M.S. in Business Information Systems from Virginia Commonwealth University. He served as Editor for Auerbach’s Handbook of Enterprise Operations Management (EOM) in August 2000 and served as Consulting Editor of Auerbach’s EOM portfolio series from 1998 through 2001.

Vinaya Honavalli Sathyanarayana
Senior Product Manager

Mr. Sathyanarayana is the Senior Product Manager for IT-GRC at MetricStream. He has several years of experience spanning various aspects of information technology management and has previously worked with organizations such as Siemens Communication Software, Hewlett-Packard, Covansys Corporation, and Kirusa, Inc. in technical and business capacities.
