Operational IT Processes
This section gives a short overview of the operational processes which were selected for the integration with the Risk Management framework. At the end of each of the following paragraphs a short statement regarding the relevance of each process framework to IT Risk Management is included. For further information about the frameworks you may refer to the respective literature given in the paragraphs below.
Due to limited resources, the number of operational process frameworks, which could be considered for integration, was restricted. Hence, the decision was made to include ITIL, an application development process based on RUP, PRINCE2™ and CMMI in the project. The main reason for this choice is that these processes represent commonly used procedures and solutions for dealing with challenges which most companies have to meet, regardless of the business sector they are operating in. They are all to a certain extend accepted as de-facto standards. Furthermore, they are generally well documented and offer enough detail for integration with the ENISA RM/RA Framework, especially regarding the documentation of activities, roles and data elements. Additional frameworks, like CobiT, MOF among others, were also considered for integration, but could not be included mainly due to the above mentioned lack of resources. However, due to the significance of the selected process frameworks in practice, the project results are expected to be highly beneficial for the stakeholders of corporate IT Risk Management.
-
Interoperable EU Risk Management ToolboxThis document presents the EU RM toolbox, a solution proposed by ENISA to address interoperability concerns related to the use of information...
-
Interoperable EU Risk Management FrameworkThis report proposes a methodology for assessing the potential interoperability of risk management (RM) frameworks and methodologies and presents...