KnowledgeLeader Home Page

New This Week

KnowledgeLeader's Top IT Risk Tools

IT Performance Risk Key Performance Indicators (KPIs)

This tool outlines leading practices and questions for an organization to consider when evaluating its IT performance.

System Design Risk Key Performance Indicators (KPIs)

This tool includes key performance indicators and questions an organization should use to evaluate and manage its system design process.

Internal Audit Risk Assessment Questionnaire

This tool contains three samples that provide questions organizations can use for assessing and improving their internal audit functions.

Spreadsheet Risk Optimization Questionnaire

This questionnaire outlines the process to identify who manages critical spreadsheets within an organization and identify their use.

IT and Business Risk Alignment Guide

This tool can be used as a guide for understanding and assessing an organization’s IT and business risk alignment process.

IT Network Security Scope Memo

The purpose of this memo is to document the assumptions and decision criteria used in scoping the documentation efforts around network security.

Security Management Capability Maturity Model (CMM)

This capability maturity model can be used to measure the maturity of an organization’s security management process and to assist its progress from the initial/ad-hoc state toward the optimized state.

System Development Life Cycle Questionnaire

This tool contains two sample documents that highlight questions to consider when creating and measuring an organization’s system development life cycle process.

Connection to Untrusted Network Standard Policy

This sample policy documents security requirements surrounding network access between a company’s computer network and untrusted computer networks.

Data Access and User Authentication Policy

The purpose of this access management standard is to ensure that access to all company systems and applications is properly approved and monitored.

January 17, 2022

Disaster Recovery Team Policy

This policy provides guidelines and standards an organization can follow when creating and improving its disaster recovery plans.

Enterprise Assessment and Monitoring Policy

The purpose of this policy is to develop a consistent method for scheduling and managing company IT security assessment processes.

Information Technology (IT) Security Policy

This document contains two sample policies that establish guidelines an organization should follow to ensure that its IT security meets standard best practices.

IT Auditing and Logging Standard Policy

The purpose of this auditing and logging standard is to ensure that all company systems are auditable and that proper procedures are in place to identify and resolve all high-risk security, integrity and/or availability issues.

IT and Telephony Systems Acceptable Use Policy

This sample policy outlines guidelines and procedures common to proper use of a debt manager’s IT and telephony equipment, focusing on passwords, software downloading, email use, internet and website browsing use, removable electronic data storage media, telephones, and the Data Protection Act.

Mobile Device Acceptable Use Policy

This sample policy defines standards, procedures and restrictions for end users required to access corporate data from mobile devices.

Spreadsheet Controls Policy

This tool contains two samples that outline policies and procedures to give guidance and ensure compliance related to financial spreadsheet controls.

Business Continuity Management Audit Work Program

This tool contains three sample work programs that provide general steps organizations can take when conducting a business continuity management audit.

IT Continuity Review Audit Work Program

This sample audit program includes steps that can be used to audit an organization’s IT continuity process.

Social Engineering Audit Work Program

This sample work program provides general steps organizations should follow when performing a social engineering audit.

IT Risk Topic

We're featuring our top information technology risk content on KnowledgeLeader this week! Learn more about the basic methods for information technology risk management with these IT risk samples.

Upcoming Webinar

2022 Top Risks in the Financial Services Industry

January 25th, 2022 at 10:00 a.m. Pacific

Register Now