The Key for Evaluating IT Asset, Risk Impact and Control Gap

---

A previous Journal article I wrote, “Information Systems Security Audit: An Ontological Framework,” briefly describes the security audit activities/process in one hierarchical structure. Now, in my recent Journal article, “IT Asset Valuation, Risk Assessment and Control Implementation Model,” I propose a different model that helps to measure, manage and implement concepts objectively by using the previously proposed ontological framework. The aim of my recent Journal article is to help you quantitatively conduct asset valuation, risk measurement, impact analysis and identification of the existing control gap of the company’s IT resource for a regulatory body, management, auditors and other concerned parties. My colleagues and I challenged to give similar pledge and equal valuation, due to nonexistence of clear and agreed-on models.
In general, the model would enable us to:

• Quantitatively measure the value of IT assets, risk impact and control implementation gap
• Facilitate the control follow-up process
• Use a common base for evaluating, monitoring, reporting and analyzing a risk assessment
• Realize the required skills of different models and security components
• Understand how the weight of an IT asset is assigned

The inspiration for my recent Journal article came from what I observed while working as IT and systems auditor. Without a clear and widely accepted risk model, it is challenging to provide a meaningful view of IT asset, risk and control gaps. My article provides an easy model to measure values of IT assets, risk, threat, vulnerability and control quantitatively and objectively for management and owners for the purpose of critical decision making.
Read Shemlse Gebremedhin Kassa’s recent Journal article:
“IT Asset Valuation, Risk Assessment and Control Implementation Model,” ISACA Journal, volume 3, 2017.