Standards and Testing Agency annual report and financial statements 2012-2013: (for the year ended 31 March 2013)

Enabling power: Education Act 1996, s. 537A (4) (5) (6). Issued: 29.05.2013. Made: 20.05.2013. Laid: 29.05.2013. Coming into force: 28.06.2013. Effect: S.I. 2009/1563 amended. Territorial extent and classification: E. General

The importance of monitoring the operational risk at the level of banking companies

The purpose of this paper is to analyze the potential operational banking risk losses and to introduce the key operational risk indicators. We present a possible matrix of the operational risk monitoring indicators and the correlations between the main types of the operational banking risks and the measures to prevent and diminish the operational risks. The majority of operational risk events should be prevented with the adequate procedures and for this reason, operational banking risks events need to be identified and monitored. It is very important for a bank to develop loss events tracking and reporting, that represent early warning signals in the banking risks management.operational risk, monitoring indicators, banking risk management

Assurance specification documentation standard and Data Item Descriptions (DID). Volume of the information system life-cycle and documentation standards, volume 4

This is the fourth of five volumes on Information System Life-Cycle and Documentation Standards. This volume provides a well organized, easily used standard for assurance documentation for information systems and software, hardware, and operational procedures components, and related processes. The specifications are developed in conjunction with the corresponding management plans specifying the assurance activities to be performed

Towards the Development of a Defensive Cyber Damage and Mission Impact Methodology

The purpose of this research is to establish a conceptual methodological framework that will facilitate effective cyber damage and mission impact assessment and reporting following a cyber-based information incidents. Joint and service guidance requires mission impact reporting, but current efforts to implement such reporting have proven ineffective. This research seeks to understand the impediments existing in the current implementation and to propose an improved methodology. The research employed a hybrid historical analysis and case study methodology for data collection through extensive literature review, examination of existing case study research and interviews with Air Force members and civilian personnel employed as experts in cyber damage and mission impact assessment of Air Force networks. Nine respondents provided valuable first-hand information about the current implementation cyber damage and mission impact assessment. This research identified several critical impediments to current mission impact assessment efforts on Air Force networks. Based upon these findings, a proposal is made for a new operations-focused defensive cyber damage and mission impact methodology. The methodology will address the critical impediments identified and will result in profound benefits in other areas of cyber asset protection. Recommendations for conceptual implementation and operationalization are presented and related future research topics are discussed

Mission Assurance: A Review of Continuity of Operations Guidance for Application to Cyber Incident Mission Impact Assessment (CIMIA)

Military organizations have embedded information technology (IT) into their core mission processes as a means to increase operational efficiency, improve decision-making quality, and shorten the sensor-to-shooter cycle. This IT-to-mission dependence can place the organizational mission at risk when an information incident (e.g., the loss or manipulation of a critical information resource) occurs. Non-military organizations typically address this type of IT risk through an introspective, enterprise-wide focused risk management program that continuously identifies, prioritizes, and documents risks so an economical set of control measures (e.g., people, processes, technology) can be selected to mitigate the risks to an acceptable level. The explicit valuation of information resources in terms of their ability to support the organizational mission objectives provides transparency and enables the creation of a continuity of operations plan and an incident recovery plan. While this type of planning has proven successful in static environments, military missions often involve dynamically changing, time-sensitive, complex, coordinated operations involving multiple organizational entities. As a consequence, risk mitigation efforts tend to be localized to each organizational entity making the enterprise-wide risk management approach to mission assurance infeasible. This thesis investigates the concept of mission assurance and presents a content analysis of existing continuity of operations elements within military and non-military guidance to assess the current policy landscape to highlight best practices and identify policy gaps in an effort to further enhance mission assurance by improving the timeliness and relevance of notification following an information incident