Document Type

Closed Project

Publication Date

Winter 2011

Instructor

Jeffrey Busch

Course Title

Project Management

Course Number

ETM 545

Abstract

Managing Information Technology (IT) risk within large organization with disparate groups/business-units is a difficult task and presents many challenges. Ineffective risk management can expose the business to vulnerabilities, which result in fines, business loss, and possible the organizations brand recognition. By deploying an enterprise wide Information Technology Governance Risk and Compliance (IT- GRC) tool, organizations have the ability to identify, mitigate, and accept and manage risk to a reasonable level. Mandated by the Sarbanes-Oxley act of 2002, public traded corporations must implement internal security controls to sufficiently protect financial data. [1] An IT-GRC [2] tool provides a central repository where individuals, at different levels within the organization, can disposition, address, and accept risk. By doing so, the organization can document and properly assesses its risk posture from an Information Technology (IT) system perspective.

Description

This project is only available to students, faculty, and staff of Portland State University.

Persistent Identifier

http://archives.pdx.edu/ds/psu/22280

Share

COinS