Theoretical framework for Risk management monitoring, review and improvement process of FLOSS applications using key risk indicators - KRI at a public agency
This document presents a theoretical framework for monitoring risks in FLOSS (Free/Libre Open Source Software) applications used by public agencies in Brazil. It discusses establishing a risk management process based on ISO 27005 and 31000 standards, including defining key risk indicators (KRIs) to monitor strategic and operational risks as recommended by COSO. The agency defined KRIs for monitoring issues on GitHub and security forums to track strategic risks, and community support and private vendor support to track operational risks for FLOSS applications. The document concludes that KRIs provide an effective way to monitor risks of FLOSS applications used by public bodies.
Understanding and Managing Risks in Management Systems AuditingPECB
The document discusses risks in management systems auditing and risk-based auditing approaches. It defines risk and outlines sources of audit risk such as sampling, time constraints, and independence issues. It also discusses managing risks through establishing procedures for the audit program, identifying and evaluating program risks, and adopting a risk management process of risk assessment, treatment, and monitoring. The overall message is that auditors must take a risk-based approach and apply risk management principles at all stages of the audit process to effectively fulfill audit objectives and manage audit risks.
The document discusses Solvency II, a European Union directive that aims to update insurance regulation. It has three pillars: quantitative requirements, governance/risk management, and disclosure. Complying requires overhauling financial applications and technology. Thinksoft can help insurers understand requirements, adopt the right IT model, prepare for compliance, and provide expert guidance on Solvency II. Their approach involves identifying objectives, resolving issues holistically, and understanding insurance business and Solvency II in detail.
ISO Standards support for Anti-Bribery investigations and audits in the cyber...PECB
This presentation was delivered by Anders Carlstedt, CEO at Parabellum Cybersecurity Services at The ISO 27001 & Anti-Bribery PECB Insights Conference.
Information Security Management System with ISO/IEC 27000:2018Goutama Bachtiar
The document provides an agenda for a workshop on ISO/IEC 27000:2018 Information Security Management Systems. The agenda covers understanding ISMS, an overview of ISO/IEC 27000:2018, exploring the requirements, navigating the controls, planning implementation, deploying ISMS, monitoring and evaluation, and continual improvement. The workshop will help participants understand how to establish, implement, and improve an organization's information security using the ISO standard.
Transparency International's Business Integrity Toolkit provides a six-step process for companies to build an effective anti-corruption program: Commit, Assess, Plan, Act, Monitor, and Report. The document outlines each step and what is expected from businesses. It provides examples of commitment statements and anti-bribery policies. Tools from Transparency International are also presented that can help with risk assessments, training, monitoring, and reporting on anti-corruption programs.
The document is the user's guide for the FFIEC Cybersecurity Assessment Tool. It provides an overview of the tool and guidance for institutions on how to complete the assessment. The assessment consists of two parts - an Inherent Risk Profile to identify inherent cyber risks, and a Cybersecurity Maturity assessment across five domains to determine preparedness levels. It describes how to determine risk levels for inherent risk factors and maturity levels for controls. The goal is to help institutions measure cybersecurity risks and preparedness over time to enhance risk management.
This document provides professional standards and guidance for individuals and organizations conducting fraud risk assessments in central government. It outlines the core competencies required for fraud risk assessment professionals in areas such as understanding fraud risks, communication skills, and conducting risk assessment processes. The document establishes three levels of competency - trainee, foundation, and practitioner - and provides guidance on processes, products, and organizational considerations for effective fraud risk assessment. It aims to facilitate a consistent approach to counter fraud across government.
Understanding and Managing Risks in Management Systems AuditingPECB
The document discusses risks in management systems auditing and risk-based auditing approaches. It defines risk and outlines sources of audit risk such as sampling, time constraints, and independence issues. It also discusses managing risks through establishing procedures for the audit program, identifying and evaluating program risks, and adopting a risk management process of risk assessment, treatment, and monitoring. The overall message is that auditors must take a risk-based approach and apply risk management principles at all stages of the audit process to effectively fulfill audit objectives and manage audit risks.
The document discusses Solvency II, a European Union directive that aims to update insurance regulation. It has three pillars: quantitative requirements, governance/risk management, and disclosure. Complying requires overhauling financial applications and technology. Thinksoft can help insurers understand requirements, adopt the right IT model, prepare for compliance, and provide expert guidance on Solvency II. Their approach involves identifying objectives, resolving issues holistically, and understanding insurance business and Solvency II in detail.
ISO Standards support for Anti-Bribery investigations and audits in the cyber...PECB
This presentation was delivered by Anders Carlstedt, CEO at Parabellum Cybersecurity Services at The ISO 27001 & Anti-Bribery PECB Insights Conference.
Information Security Management System with ISO/IEC 27000:2018Goutama Bachtiar
The document provides an agenda for a workshop on ISO/IEC 27000:2018 Information Security Management Systems. The agenda covers understanding ISMS, an overview of ISO/IEC 27000:2018, exploring the requirements, navigating the controls, planning implementation, deploying ISMS, monitoring and evaluation, and continual improvement. The workshop will help participants understand how to establish, implement, and improve an organization's information security using the ISO standard.
Transparency International's Business Integrity Toolkit provides a six-step process for companies to build an effective anti-corruption program: Commit, Assess, Plan, Act, Monitor, and Report. The document outlines each step and what is expected from businesses. It provides examples of commitment statements and anti-bribery policies. Tools from Transparency International are also presented that can help with risk assessments, training, monitoring, and reporting on anti-corruption programs.
The document is the user's guide for the FFIEC Cybersecurity Assessment Tool. It provides an overview of the tool and guidance for institutions on how to complete the assessment. The assessment consists of two parts - an Inherent Risk Profile to identify inherent cyber risks, and a Cybersecurity Maturity assessment across five domains to determine preparedness levels. It describes how to determine risk levels for inherent risk factors and maturity levels for controls. The goal is to help institutions measure cybersecurity risks and preparedness over time to enhance risk management.
This document provides professional standards and guidance for individuals and organizations conducting fraud risk assessments in central government. It outlines the core competencies required for fraud risk assessment professionals in areas such as understanding fraud risks, communication skills, and conducting risk assessment processes. The document establishes three levels of competency - trainee, foundation, and practitioner - and provides guidance on processes, products, and organizational considerations for effective fraud risk assessment. It aims to facilitate a consistent approach to counter fraud across government.
Analysis of current project risk management procedure by Spanish Business Unit of an automotive multinational company, which manufactures steering wheels and airbag modules.
Taking into account the PMI standards, different changes are established in the current procedure for the purpose of defining and implementing a project risk management procedure more useful and efficient.
New Ohio Cybersecurity Law RequirementsSkoda Minotti
Skoda Minotti’s Risk Advisory Services Group and Insurance Services Group are working closely with insurance industry licensees to meet the considerable requirements under the Ohio cybersecurity law. This presentation provides more detailed information about the law, and assists you with your understanding and implementation of the requirements.
Explanatory Note for the Internal Control and Risk Management Project of the ...OECD Governance
In the framework of a new project entitled “the corruption risk mapping for effective integrity reforms in MENA countries” and supported financially by the US grant, the MENA-OECD Governance Programme will conduct a regional analysis that focuses on the internal control systems and processes in the MENA region.
The document proposes a 360 Degree Risk Management Model to help organizations holistically manage risks. The model comprises people, processes, tools, and governance to 1) identify risks early, 2) mitigate negative risks, and 3) leverage learnings from risks to enhance competencies. Key aspects of the model include a corporate risk database, risk analytics dashboards, and knowledge sharing programs. The document argues the model can help organizations gain competitive advantages and improve outcomes by taking a more holistic view of risks.
A Framework For Information Security Risk Management CommunicationJustin Knight
This document proposes a framework called the Bornman Framework for Information Security Risk Management Communication (BFIC) to help organizations effectively communicate information security risk information between different management levels. The BFIC is made up of three groups of indicators - core indicators related to key risk management processes, indicators that support the identification and control processes, and overarching indicators related to risk management program support. The framework is designed to provide concise yet meaningful information on an organization's information security risk management program to ensure strategic management has the information needed for proper governance and oversight.
The document provides an overview of implementing a risk management system based on ISO 31000:2018 guidelines. It discusses the principles, framework and process for risk management. The key steps include defining risk management principles, developing a risk management framework, establishing a risk management process involving communication, context establishment, risk assessment, treatment, monitoring and review. The goal is to integrate risk management into all organizational activities and decision making.
The International Association of Risk and Compliance Professionals (IARCP) today announced a major revision of the Certified Information Systems Risk and Compliance Professional (CISRCP) certification program.
Operational risk is the risk of loss from inadequate or failed internal processes, people, and systems or from external events. This document provides a summary of operational risk, including:
1) It defines operational risk and provides examples such as business interruption, errors by employees, product failure, and IT systems failure.
2) Risks can be identified through various techniques like workshops and audits to assess processes. They are then assessed for impact and likelihood.
3) Operational risks are managed through techniques like risk acceptance, risk sharing, risk reduction, and risk avoidance such as purchasing insurance. Ongoing monitoring and review is important.
Cyber attacks continue to pose risks to organisations of all sizes. The document discusses how cyber crime is often financially motivated through theft of sensitive data and intellectual property. Over 90% of large businesses have experienced data breaches, costing millions and resulting in lost intellectual property worth billions annually in the UK. Organisations must comply with data protection regulations by implementing appropriate security controls and responding swiftly to breaches to avoid penalties. The TORI Cyber Exposure Review assesses an organisation's preparedness across technical, procedural and human factors to improve cyber defences.
If you have problem of not knowing how to build a foundation for information security, if you are faced with questions such as where to start and how to start then this white paper may have the solutions and answers for you. In this paper you learn how to build the foundation step by step. It is written by the expert but in a simple language that is easy to understand. I have seen many papers that addressed this issue but none in the style of this paper.
RiskWatch for Credit Unions™ will assist you in conducting a full risk assessment to meet the NCUA, Part 748 Standard. A complete standards library includes all security risk assessment elements for Credit Unions, including GLBA (Gramm Leach Bliley Act) Standards, as well as the Red Flags Identity Theft Requirement. Affordable and easy to use, RiskWatch makes it easy to meet regulator\'s requirements for risk assessment with both web-based and server-based online questionnaires that automatically write management reports with working papers, graphics, and complete audit trails.
RiskWatch Software is recommended by regulators because it assists the management and Board of the credit union to demonstrate compliance with existing requirements and prepares the risk assessment required annually by NCUA. Whether the Credit Union wants to conduct it\'s own assessment, or have RiskWatch assist in gathering information, hosting surveys, or analyzing and printing reports, RiskWatch for Credit Unions™ makes it easy. The product analyzes and managers technical service providers and the risk involved in outsourcing as well.
Society of Corporate Compliance and Ethics SCCE 2015 developing an effective ...Craig Taggart MBA
Areas Covered in the Webinar:
Identify fraud risks and the factors that influence them
Analyze existing risk management frameworks and their application to managing fraud risk
Develop and implement the necessary components of a successful fraud risk management program
Identify the elements of a strong ethical corporate culture
Conduct a cost effective fraud risk assessment
This document is a risk assessment report that contains several sections analyzing approaches to risk assessment for an organization's IT architecture. It discusses evaluating risk, qualitative and quantitative approaches, the organization's departments and how they interconnect, security certifications, and tools for conducting risk management research such as the Plus, Minus, Interesting method and applying the "what if" approach. The report provides an in-depth analysis of how to properly assess and manage risks to an organization's IT systems.
This document discusses fintech, regtech, and suptech. It defines regtech as technologies that help financial institutions comply with regulations more efficiently and effectively. Suptech is defined as the application of fintech by supervisory authorities. The document outlines how regtech and suptech can transform financial supervision by providing regulators with real-time data, exceptions-based monitoring, and predictive analytics. Regtech solutions help institutions with compliance, identity management, risk management, and reporting. Suptech allows regulators to modernize supervision through automated oversight, data collection, and predictive modeling. Overall, the document argues that regtech and suptech will fuel a new era of more sophisticated, data-driven financial regulation and supervision.
Presented at the MENA-OECD Business Integrity Training, 22-25 April, Kuwait. Organised by the MENA-OECD Investment Programme in cooperation with the IMF-Middle East Center for Economics and Finance
The document summarizes an internal auditor's workshop on using audits as a risk management tool. It includes the following:
- An overview of the risk management process including identifying risks, assessing and measuring risks, responding to risks, designing and testing controls, and continuously improving risk management.
- The three lines of defense in risk management - operational management owns risk management as the first line, risk management and compliance functions provide oversight as the second line, and internal audit provides independent assurance as the third line.
- Key aspects of the risk management process including governance, people, processes, and technology as well as identifying risks, assessing risks, developing risk response strategies, and monitoring risks.
Anti-Bribery and Corruption Compliance for Third PartiesDun & Bradstreet
In this white paper, Kelvin Dickenson, Managing Director of D&B Global Compliance Solutions, discusses thoughtful approaches to buidling a scalable, effective and proportionate anti-corruption program for third-party due dilligence.
This document sets out the core information that underpins the rimap® certification.
Its purpose is to define the academic and professional knowledge that candidates, organisations and individuals must demonstrate to receive the rimap® status. The Body of Knowledge is made up of seven blocks.
ComplianceOnline PPT Format 2015 Developing an Effective Fraud Risk Managemen...Craig Taggart
This webinar discusses developing an effective fraud risk management program. It covers identifying fraud risks and factors that influence them, analyzing risk management frameworks, developing necessary components of a fraud risk program, promoting an ethical corporate culture, and conducting fraud risk assessments. The webinar is presented by Craig Taggart, who has experience in mergers and acquisitions, business financing, and fraud examination. Attendees will learn how to identify, assess, and manage fraud risks from all sources to establish an anti-fraud culture within their organization. Statistical techniques and artificial intelligence for fraud detection are also discussed.
Adaptación del material didáctico de un curso de gobernanza impartido en setiembre 2018.
Tópicos tratados:
● Tecnología de la Información. DIKW.
● Normas y guías para la gobernanza corporativa de TI. ISO/IEC 38500. COBIT 5.
● Responsabilidad Social Corporativa – RSC. ISO/IEC 26000.
● Sostenibilidad. ISO/IEC 14000. TI sostenible.
● Gestión del cambio. Industria 4.0.
● Modelos de gestión del cambio. Cambio organizacional.
● Reengineering the corporation. Procesos de negocios. BPM, BPR, BPI.
● Innovación. Tipos y modelos. Buenas prácticas en innovación.
● Transformación digital. Digital vortex 2019.
● Modelo Iberoamericano de Excelencia en la gestión.
● SFIA. Marco de competencias para la era de la información.
A cultura Ágil Spotify: Exemplo de sucesso de Lean startup, Scrum e KanbanMarcelo Horacio Fortino
O documento descreve o modelo ágil adotado pela Spotify para organizar suas equipes de desenvolvimento de forma descentralizada e autônoma, promovendo a inovação, a colaboração e o foco no produto através de squads, tribes e guilds.
More Related Content
Similar to Theoretical framework for Risk management monitoring, review and improvement process of FLOSS applications using key risk indicators - KRI at a public agency
Analysis of current project risk management procedure by Spanish Business Unit of an automotive multinational company, which manufactures steering wheels and airbag modules.
Taking into account the PMI standards, different changes are established in the current procedure for the purpose of defining and implementing a project risk management procedure more useful and efficient.
New Ohio Cybersecurity Law RequirementsSkoda Minotti
Skoda Minotti’s Risk Advisory Services Group and Insurance Services Group are working closely with insurance industry licensees to meet the considerable requirements under the Ohio cybersecurity law. This presentation provides more detailed information about the law, and assists you with your understanding and implementation of the requirements.
Explanatory Note for the Internal Control and Risk Management Project of the ...OECD Governance
In the framework of a new project entitled “the corruption risk mapping for effective integrity reforms in MENA countries” and supported financially by the US grant, the MENA-OECD Governance Programme will conduct a regional analysis that focuses on the internal control systems and processes in the MENA region.
The document proposes a 360 Degree Risk Management Model to help organizations holistically manage risks. The model comprises people, processes, tools, and governance to 1) identify risks early, 2) mitigate negative risks, and 3) leverage learnings from risks to enhance competencies. Key aspects of the model include a corporate risk database, risk analytics dashboards, and knowledge sharing programs. The document argues the model can help organizations gain competitive advantages and improve outcomes by taking a more holistic view of risks.
A Framework For Information Security Risk Management CommunicationJustin Knight
This document proposes a framework called the Bornman Framework for Information Security Risk Management Communication (BFIC) to help organizations effectively communicate information security risk information between different management levels. The BFIC is made up of three groups of indicators - core indicators related to key risk management processes, indicators that support the identification and control processes, and overarching indicators related to risk management program support. The framework is designed to provide concise yet meaningful information on an organization's information security risk management program to ensure strategic management has the information needed for proper governance and oversight.
The document provides an overview of implementing a risk management system based on ISO 31000:2018 guidelines. It discusses the principles, framework and process for risk management. The key steps include defining risk management principles, developing a risk management framework, establishing a risk management process involving communication, context establishment, risk assessment, treatment, monitoring and review. The goal is to integrate risk management into all organizational activities and decision making.
The International Association of Risk and Compliance Professionals (IARCP) today announced a major revision of the Certified Information Systems Risk and Compliance Professional (CISRCP) certification program.
Operational risk is the risk of loss from inadequate or failed internal processes, people, and systems or from external events. This document provides a summary of operational risk, including:
1) It defines operational risk and provides examples such as business interruption, errors by employees, product failure, and IT systems failure.
2) Risks can be identified through various techniques like workshops and audits to assess processes. They are then assessed for impact and likelihood.
3) Operational risks are managed through techniques like risk acceptance, risk sharing, risk reduction, and risk avoidance such as purchasing insurance. Ongoing monitoring and review is important.
Cyber attacks continue to pose risks to organisations of all sizes. The document discusses how cyber crime is often financially motivated through theft of sensitive data and intellectual property. Over 90% of large businesses have experienced data breaches, costing millions and resulting in lost intellectual property worth billions annually in the UK. Organisations must comply with data protection regulations by implementing appropriate security controls and responding swiftly to breaches to avoid penalties. The TORI Cyber Exposure Review assesses an organisation's preparedness across technical, procedural and human factors to improve cyber defences.
If you have problem of not knowing how to build a foundation for information security, if you are faced with questions such as where to start and how to start then this white paper may have the solutions and answers for you. In this paper you learn how to build the foundation step by step. It is written by the expert but in a simple language that is easy to understand. I have seen many papers that addressed this issue but none in the style of this paper.
RiskWatch for Credit Unions™ will assist you in conducting a full risk assessment to meet the NCUA, Part 748 Standard. A complete standards library includes all security risk assessment elements for Credit Unions, including GLBA (Gramm Leach Bliley Act) Standards, as well as the Red Flags Identity Theft Requirement. Affordable and easy to use, RiskWatch makes it easy to meet regulator\'s requirements for risk assessment with both web-based and server-based online questionnaires that automatically write management reports with working papers, graphics, and complete audit trails.
RiskWatch Software is recommended by regulators because it assists the management and Board of the credit union to demonstrate compliance with existing requirements and prepares the risk assessment required annually by NCUA. Whether the Credit Union wants to conduct it\'s own assessment, or have RiskWatch assist in gathering information, hosting surveys, or analyzing and printing reports, RiskWatch for Credit Unions™ makes it easy. The product analyzes and managers technical service providers and the risk involved in outsourcing as well.
Society of Corporate Compliance and Ethics SCCE 2015 developing an effective ...Craig Taggart MBA
Areas Covered in the Webinar:
Identify fraud risks and the factors that influence them
Analyze existing risk management frameworks and their application to managing fraud risk
Develop and implement the necessary components of a successful fraud risk management program
Identify the elements of a strong ethical corporate culture
Conduct a cost effective fraud risk assessment
This document is a risk assessment report that contains several sections analyzing approaches to risk assessment for an organization's IT architecture. It discusses evaluating risk, qualitative and quantitative approaches, the organization's departments and how they interconnect, security certifications, and tools for conducting risk management research such as the Plus, Minus, Interesting method and applying the "what if" approach. The report provides an in-depth analysis of how to properly assess and manage risks to an organization's IT systems.
This document discusses fintech, regtech, and suptech. It defines regtech as technologies that help financial institutions comply with regulations more efficiently and effectively. Suptech is defined as the application of fintech by supervisory authorities. The document outlines how regtech and suptech can transform financial supervision by providing regulators with real-time data, exceptions-based monitoring, and predictive analytics. Regtech solutions help institutions with compliance, identity management, risk management, and reporting. Suptech allows regulators to modernize supervision through automated oversight, data collection, and predictive modeling. Overall, the document argues that regtech and suptech will fuel a new era of more sophisticated, data-driven financial regulation and supervision.
Presented at the MENA-OECD Business Integrity Training, 22-25 April, Kuwait. Organised by the MENA-OECD Investment Programme in cooperation with the IMF-Middle East Center for Economics and Finance
The document summarizes an internal auditor's workshop on using audits as a risk management tool. It includes the following:
- An overview of the risk management process including identifying risks, assessing and measuring risks, responding to risks, designing and testing controls, and continuously improving risk management.
- The three lines of defense in risk management - operational management owns risk management as the first line, risk management and compliance functions provide oversight as the second line, and internal audit provides independent assurance as the third line.
- Key aspects of the risk management process including governance, people, processes, and technology as well as identifying risks, assessing risks, developing risk response strategies, and monitoring risks.
Anti-Bribery and Corruption Compliance for Third PartiesDun & Bradstreet
In this white paper, Kelvin Dickenson, Managing Director of D&B Global Compliance Solutions, discusses thoughtful approaches to buidling a scalable, effective and proportionate anti-corruption program for third-party due dilligence.
This document sets out the core information that underpins the rimap® certification.
Its purpose is to define the academic and professional knowledge that candidates, organisations and individuals must demonstrate to receive the rimap® status. The Body of Knowledge is made up of seven blocks.
ComplianceOnline PPT Format 2015 Developing an Effective Fraud Risk Managemen...Craig Taggart
This webinar discusses developing an effective fraud risk management program. It covers identifying fraud risks and factors that influence them, analyzing risk management frameworks, developing necessary components of a fraud risk program, promoting an ethical corporate culture, and conducting fraud risk assessments. The webinar is presented by Craig Taggart, who has experience in mergers and acquisitions, business financing, and fraud examination. Attendees will learn how to identify, assess, and manage fraud risks from all sources to establish an anti-fraud culture within their organization. Statistical techniques and artificial intelligence for fraud detection are also discussed.
Similar to Theoretical framework for Risk management monitoring, review and improvement process of FLOSS applications using key risk indicators - KRI at a public agency (20)
Adaptación del material didáctico de un curso de gobernanza impartido en setiembre 2018.
Tópicos tratados:
● Tecnología de la Información. DIKW.
● Normas y guías para la gobernanza corporativa de TI. ISO/IEC 38500. COBIT 5.
● Responsabilidad Social Corporativa – RSC. ISO/IEC 26000.
● Sostenibilidad. ISO/IEC 14000. TI sostenible.
● Gestión del cambio. Industria 4.0.
● Modelos de gestión del cambio. Cambio organizacional.
● Reengineering the corporation. Procesos de negocios. BPM, BPR, BPI.
● Innovación. Tipos y modelos. Buenas prácticas en innovación.
● Transformación digital. Digital vortex 2019.
● Modelo Iberoamericano de Excelencia en la gestión.
● SFIA. Marco de competencias para la era de la información.
A cultura Ágil Spotify: Exemplo de sucesso de Lean startup, Scrum e KanbanMarcelo Horacio Fortino
O documento descreve o modelo ágil adotado pela Spotify para organizar suas equipes de desenvolvimento de forma descentralizada e autônoma, promovendo a inovação, a colaboração e o foco no produto através de squads, tribes e guilds.
O documento fornece instruções sobre como estudar e trabalhar com o Ubuntu Linux 12.04. Ele explica o que é software livre e Ubuntu, as vantagens do Ubuntu, as características e funcionalidades da interface gráfica do usuário do Ubuntu 12.04, como abrir e usar aplicativos, localizar arquivos e configurar o ambiente Unity.
Este documento proporciona información sobre la nueva versión 11.04 de Ubuntu, incluyendo sus características principales como el navegador web Firefox, la suite ofimática LibreOffice y la interfaz gráfica Unity. Explica también las ventajas de usar software libre y Ubuntu, como mayor seguridad, libertad de uso y soporte comunitario.
Carrer goals.pptx and their importance in real lifeartemacademy2
Career goals serve as a roadmap for individuals, guiding them toward achieving long-term professional aspirations and personal fulfillment. Establishing clear career goals enables professionals to focus their efforts on developing specific skills, gaining relevant experience, and making strategic decisions that align with their desired career trajectory. By setting both short-term and long-term objectives, individuals can systematically track their progress, make necessary adjustments, and stay motivated. Short-term goals often include acquiring new qualifications, mastering particular competencies, or securing a specific role, while long-term goals might encompass reaching executive positions, becoming industry experts, or launching entrepreneurial ventures.
Moreover, having well-defined career goals fosters a sense of purpose and direction, enhancing job satisfaction and overall productivity. It encourages continuous learning and adaptation, as professionals remain attuned to industry trends and evolving job market demands. Career goals also facilitate better time management and resource allocation, as individuals prioritize tasks and opportunities that advance their professional growth. In addition, articulating career goals can aid in networking and mentorship, as it allows individuals to communicate their aspirations clearly to potential mentors, colleagues, and employers, thereby opening doors to valuable guidance and support. Ultimately, career goals are integral to personal and professional development, driving individuals toward sustained success and fulfillment in their chosen fields.
• For a full set of 530+ questions. Go to
https://skillcertpro.com/product/servicenow-cis-itsm-exam-questions/
• SkillCertPro offers detailed explanations to each question which helps to understand the concepts better.
• It is recommended to score above 85% in SkillCertPro exams before attempting a real exam.
• SkillCertPro updates exam questions every 2 weeks.
• You will get life time access and life time free updates
• SkillCertPro assures 100% pass guarantee in first attempt.
XP 2024 presentation: A New Look to Leadershipsamililja
Presentation slides from XP2024 conference, Bolzano IT. The slides describe a new view to leadership and combines it with anthro-complexity (aka cynefin).
The importance of sustainable and efficient computational practices in artificial intelligence (AI) and deep learning has become increasingly critical. This webinar focuses on the intersection of sustainability and AI, highlighting the significance of energy-efficient deep learning, innovative randomization techniques in neural networks, the potential of reservoir computing, and the cutting-edge realm of neuromorphic computing. This webinar aims to connect theoretical knowledge with practical applications and provide insights into how these innovative approaches can lead to more robust, efficient, and environmentally conscious AI systems.
Webinar Speaker: Prof. Claudio Gallicchio, Assistant Professor, University of Pisa
Claudio Gallicchio is an Assistant Professor at the Department of Computer Science of the University of Pisa, Italy. His research involves merging concepts from Deep Learning, Dynamical Systems, and Randomized Neural Systems, and he has co-authored over 100 scientific publications on the subject. He is the founder of the IEEE CIS Task Force on Reservoir Computing, and the co-founder and chair of the IEEE Task Force on Randomization-based Neural Networks and Learning Systems. He is an associate editor of IEEE Transactions on Neural Networks and Learning Systems (TNNLS).
This presentation by Tim Capel, Director of the UK Information Commissioner’s Office Legal Service, was made during the discussion “The Intersection between Competition and Data Privacy” held at the 143rd meeting of the OECD Competition Committee on 13 June 2024. More papers and presentations on the topic can be found at oe.cd/ibcdp.
This presentation was uploaded with the author’s consent.
This presentation by Katharine Kemp, Associate Professor at the Faculty of Law & Justice at UNSW Sydney, was made during the discussion “The Intersection between Competition and Data Privacy” held at the 143rd meeting of the OECD Competition Committee on 13 June 2024. More papers and presentations on the topic can be found at oe.cd/ibcdp.
This presentation was uploaded with the author’s consent.
This presentation by Thibault Schrepel, Associate Professor of Law at Vrije Universiteit Amsterdam University, was made during the discussion “Artificial Intelligence, Data and Competition” held at the 143rd meeting of the OECD Competition Committee on 12 June 2024. More papers and presentations on the topic can be found at oe.cd/aicomp.
This presentation was uploaded with the author’s consent.
1.) Introduction
Our Movement is not new; it is the same as it was for Freedom, Justice, and Equality since we were labeled as slaves. However, this movement at its core must entail economics.
2.) Historical Context
This is the same movement because none of the previous movements, such as boycotts, were ever completed. For some, maybe, but for the most part, it’s just a place to keep your stable until you’re ready to assimilate them into your system. The rest of the crabs are left in the world’s worst parts, begging for scraps.
3.) Economic Empowerment
Our Movement aims to show that it is indeed possible for the less fortunate to establish their economic system. Everyone else – Caucasian, Asian, Mexican, Israeli, Jews, etc. – has their systems, and they all set up and usurp money from the less fortunate. So, the less fortunate buy from every one of them, yet none of them buy from the less fortunate. Moreover, the less fortunate really don’t have anything to sell.
4.) Collaboration with Organizations
Our Movement will demonstrate how organizations such as the National Association for the Advancement of Colored People, National Urban League, Black Lives Matter, and others can assist in creating a much more indestructible Black Wall Street.
5.) Vision for the Future
Our Movement will not settle for less than those who came before us and stopped before the rights were equal. The economy, jobs, healthcare, education, housing, incarceration – everything is unfair, and what isn’t is rigged for the less fortunate to fail, as evidenced in society.
6.) Call to Action
Our movement has started and implemented everything needed for the advancement of the economic system. There are positions for only those who understand the importance of this movement, as failure to address it will continue the degradation of the people deemed less fortunate.
No, this isn’t Noah’s Ark, nor am I a Prophet. I’m just a man who wrote a couple of books, created a magnificent website: http://www.thearkproject.llc, and who truly hopes to try and initiate a truly sustainable economic system for deprived people. We may not all have the same beliefs, but if our methods are tried, tested, and proven, we can come together and help others. My website: http://www.thearkproject.llc is very informative and considerably controversial. Please check it out, and if you are afraid, leave immediately; it’s no place for cowards. The last Prophet said: “Whoever among you sees an evil action, then let him change it with his hand [by taking action]; if he cannot, then with his tongue [by speaking out]; and if he cannot, then, with his heart – and that is the weakest of faith.” [Sahih Muslim] If we all, or even some of us, did this, there would be significant change. We are able to witness it on small and grand scales, for example, from climate control to business partnerships. I encourage, invite, and challenge you all to support me by visiting my website.
This presentation by OECD, OECD Secretariat, was made during the discussion “Artificial Intelligence, Data and Competition” held at the 143rd meeting of the OECD Competition Committee on 12 June 2024. More papers and presentations on the topic can be found at oe.cd/aicomp.
This presentation was uploaded with the author’s consent.
This presentation by Professor Alex Robson, Deputy Chair of Australia’s Productivity Commission, was made during the discussion “Competition and Regulation in Professions and Occupations” held at the 77th meeting of the OECD Working Party No. 2 on Competition and Regulation on 10 June 2024. More papers and presentations on the topic can be found at oe.cd/crps.
This presentation was uploaded with the author’s consent.
This presentation by OECD, OECD Secretariat, was made during the discussion “The Intersection between Competition and Data Privacy” held at the 143rd meeting of the OECD Competition Committee on 13 June 2024. More papers and presentations on the topic can be found at oe.cd/ibcdp.
This presentation was uploaded with the author’s consent.
Why Psychological Safety Matters for Software Teams - ACE 2024 - Ben Linders.pdfBen Linders
Psychological safety in teams is important; team members must feel safe and able to communicate and collaborate effectively to deliver value. It’s also necessary to build long-lasting teams since things will happen and relationships will be strained.
But, how safe is a team? How can we determine if there are any factors that make the team unsafe or have an impact on the team’s culture?
In this mini-workshop, we’ll play games for psychological safety and team culture utilizing a deck of coaching cards, The Psychological Safety Cards. We will learn how to use gamification to gain a better understanding of what’s going on in teams. Individuals share what they have learned from working in teams, what has impacted the team’s safety and culture, and what has led to positive change.
Different game formats will be played in groups in parallel. Examples are an ice-breaker to get people talking about psychological safety, a constellation where people take positions about aspects of psychological safety in their team or organization, and collaborative card games where people work together to create an environment that fosters psychological safety.
This presentation by OECD, OECD Secretariat, was made during the discussion “Pro-competitive Industrial Policy” held at the 143rd meeting of the OECD Competition Committee on 12 June 2024. More papers and presentations on the topic can be found at oe.cd/pcip.
This presentation was uploaded with the author’s consent.
This presentation by Professor Giuseppe Colangelo, Jean Monnet Professor of European Innovation Policy, was made during the discussion “The Intersection between Competition and Data Privacy” held at the 143rd meeting of the OECD Competition Committee on 13 June 2024. More papers and presentations on the topic can be found at oe.cd/ibcdp.
This presentation was uploaded with the author’s consent.
This presentation by Juraj Čorba, Chair of OECD Working Party on Artificial Intelligence Governance (AIGO), was made during the discussion “Artificial Intelligence, Data and Competition” held at the 143rd meeting of the OECD Competition Committee on 12 June 2024. More papers and presentations on the topic can be found at oe.cd/aicomp.
This presentation was uploaded with the author’s consent.
This presentation by OECD, OECD Secretariat, was made during the discussion “Competition and Regulation in Professions and Occupations” held at the 77th meeting of the OECD Working Party No. 2 on Competition and Regulation on 10 June 2024. More papers and presentations on the topic can be found at oe.cd/crps.
This presentation was uploaded with the author’s consent.
This presentation by Yong Lim, Professor of Economic Law at Seoul National University School of Law, was made during the discussion “Artificial Intelligence, Data and Competition” held at the 143rd meeting of the OECD Competition Committee on 12 June 2024. More papers and presentations on the topic can be found at oe.cd/aicomp.
This presentation was uploaded with the author’s consent.
Disaster Management project for holidays homework and other uses
Theoretical framework for Risk management monitoring, review and improvement process of FLOSS applications using key risk indicators - KRI at a public agency
1. Theoretical framework for risk management
monitoring, review and improvement process of
FLOSS applications using key risk indicators -
KRI at a public agency
Marcelo Horacio Fortino, João Marcelo da Silva, Milvon Lopes dos Santos,
Marcelo Ata de Neto and Marcelo Mafra Leal.ıı
Department of Computer Science, University of Brasılia
Bras lia, DF, 70910-900 Brasil.ıı
47 JAIIO | SIE 2018 - Simposio de Informática en el Estado
2. Introduction
● The article aims to present the theoretical
framework for Risk management monitoring,
review and improvement process of FLOSS
applications using key risk indicators - KRI at a
public agency.
47 JAIIO | SIE 2018 - Simposio de Informática en el Estado
3. Introduction
● In the last decade public bodies have been increasingly
using FLOSS both to cover own operational needs and
to offer new and varied services to citizens.
● In this context, good governance rules suggest the
establishment of the risk management process, in
accordance with the ISO/IEC 27005 and ISO/IEC
31000 standards, wich broadly defines the context
definition, analysis and risk assessment, risk
management, communication, and critical risk
monitoring and review of the organization’s assets.
47 JAIIO | SIE 2018 - Simposio de Informática en el Estado
5. Use of KRI for monitoring
● For the risk monitoring and review process, the
COSO organization promotes the use of key
risk indicators - KRI that help monitor alerts,
changes in risk conditions, or new risks that
may arise in the course of day to day
operations.
47 JAIIO | SIE 2018 - Simposio de Informática en el Estado
6. Why FLOSS?
● public bodies have been increasingly using
FLOSS during the last decade because of:
– Budget constraints caused by the economic crisis
– Promotion of Free and Open Source Software -
FLOSS by the brazilian federal government
47 JAIIO | SIE 2018 - Simposio de Informática en el Estado
7. Governo Digital: Diretrizes
● “a opção pelo software livre não pode ser
entendida somente como motivada por
aspectos econômicos, mas pelas
possibilidades que abre no campo da produção
e circulação de conhecimento, no acesso a
novas tecnologias e no estímulo ao
desenvolvimento de software em ambientes
colaborativos e ao desenvolvimento de
software nacional.”
47 JAIIO | SIE 2018 - Simposio de Informática en el Estado
Governo Digital: diretriz #3
8. FLOSS advantages
FLOSS advantages compared to proprietary
software:
● Avoids relying solely on a single vendor (vendor
lock in)
● Promotes savings on license fees
● Provides flexibility to make modifications and
adaptations to the needs of the organization
(WOODS et AL, 2005)
47 JAIIO | SIE 2018 - Simposio de Informática en el Estado
9. FLOSS and risk management
But…
● it is not immune to risks.
So…
● Good governance rules suggest the establishment of the risk management
process, which, in accordance with the ISO/IEC 27005 and ISO/IEC 31000
rules, broadly defines the context definition, analysis and risk assessment,
risk management, communication, and critical risk monitoring and review of
the organization’s assets.
●
On this latter process, the COSO organization encourages the use of the
Key Risk Indicators (KRIs) that help monitor alerts, changes in risk
conditions, or new risks that may arise during the organization’s activities.
47 JAIIO | SIE 2018 - Simposio de Informática en el Estado
10. Governance and risk management
● Public organizations must comply with laws and regulations
emanating from the Federal Government and the states.
● Nowadays, in the public sector is essential to advance in
the establishment of corporate governance that aligns the
strategy of the business objectives to the day to day
operations to reach the goals established in the
programmed plans.
● In this context, risk management improves results by
achieving efficiency and effectiveness in the performance
of daily operations and programs.
47 JAIIO | SIE 2018 - Simposio de Informática en el Estado
11. Brazil’s federal government
● IT department of the agency is guided by SLTI Normative
Instruction IN 04/2014 and Normative Instruction IN 01/2016
jointly with the MP/CGU.
● Article 13 of IN 04/2014 establishes that a Risk Analysis should be
elaborated by the risk team identifying, measuring the
probabilities of occurrence and severity, and the actions planned
to reduce or eliminate risks. Finally, the team must define the
contingency actions in case the events take place.
● In IN 01/2016, Article 1 establishes that the agencies and entities
of the Federal Executive Branch should adopt measures for the
systematization of practices related to risk management, internal
controls, and governance.
47 JAIIO | SIE 2018 - Simposio de Informática en el Estado
12. Risk definition: ISO Guide 73
ISO/IEC Standard GUIDE 73: 2009
Risk Management – Vocabulary:
● Risk is ”an effect of uncertainty in the objectives”,
where ”an effect is a deviation from the expected
Positive and/or negative” and the uncertainty is ”
the state, even if partial, of the deficiency of
information related to an event, its understanding,
its knowledge, its consequence or its probability.”
47 JAIIO | SIE 2018 - Simposio de Informática en el Estado
13. Risk definition: ISO 31010
ISO/IEC 31010 risk criteria definition:
● One must decide the ”nature and types of
consequences to be included and how they will be
measured, how probabilities are to be expressed, and
how a level of risk will be determined.”
● A posteriori it should be established when a risk needs
treatment, whether it is acceptable and/or tolerable and
the appetite (degree of uncertainty that an entity is
willing to accept, expecting a reward - PMBOK) to the
risk of the organization.
47 JAIIO | SIE 2018 - Simposio de Informática en el Estado
14. Risk mngt process definition
ISO/IEC Guide 73 definition of risk management process
● ”the systematic application of policies,
procedures and management practices for
the activities of communication,
consultation, establishment of the context,
and the identification, analysis, evaluation,
treatment, monitoring and critical risk
analysis.”
47 JAIIO | SIE 2018 - Simposio de Informática en el Estado
15. Risk mngt process definition
ISO/IEC 27005 establish that the information security risk
management process consist of:
● Context establishment (Clause 7),
● Risk assessment (Clause 8),
● Risk treatment (Clause 9),
● Risk acceptance (Clause 10),
● Risk communication and consultation (Clause
11), and
● Risk monitoring and review (Clause 12).”
47 JAIIO | SIE 2018 - Simposio de Informática en el Estado
16. FLOSS Specific Risks
According to the FFIEC Guidance three types of risks can be
established in FLOSS: strategic risks, legal risks and operational
risks.
●
Strategic risks include the ability to customize software, compatibility and
interoperability with other applications, available support, return on investment or
TCO, and maturity. The latter includes security, time in the market and analysis of
the community that develops it.
● The legal risks are about the type of license and if you have guarantees.
●
Operational risks are the integrity of the source code, available documentation,
and external application support.
● The Black Duck company in its study Open Source Security
Audits similarly establishes:
●
security risks (strategic), licensing risks (legal) and operational risks.
47 JAIIO | SIE 2018 - Simposio de Informática en el Estado
17. Introduction to ISO/IEC 27005
● ISO/IEC 27005 Information technology - Security techniques –
Information security risk management, presents the cycle of risk
control in the organization.
● It contains the description of the information security risk
management process and its activities. The activities of the
process begin with the activity of Context Establishement,
followed by the Risk Assessment that contains the Identification,
Analysis and Evaluation of Risks. The Analysis stage includes the
processes of Risk Identification, and Risk Estimation.
● Then, the following steps will be carried out: Risk Management,
Risk Acceptance, Risk Communication and consultation, and Risk
Monitoring and Review.
47 JAIIO | SIE 2018 - Simposio de Informática en el Estado
18. ISO/IEC 27005 Risk Mngt Process
Fig: ISO/IEC 27005.
Font: ISO 27005:2011
47 JAIIO | SIE 2018 - Simposio de Informática en el Estado
19. ISO 27005 – COBIT 5
The following COBIT 5 areas and
domains are covered by ISO 27000:
● Security- and risk-related processes
in the EDM, APO and DSS domains
● Various security-related activities
within processes in other domains
● Monitor and evaluating activities
from the MEA domain.
47 JAIIO | SIE 2018 - Simposio de Informática en el Estado
Figure: COBIT 5®.
Source: ISACA.
20. Risk Management Plan
The agency established the creation of the Risk Management
Plan to define, monitor and control the risks of the
applications. Included in the plan are:
● Methodology, functions and responsibilities;
● Risk category, probability and risk impact definitions;
● Risk tolerance level;
● Format reports (how communications will be maintained,
updated, analyzed and transmitted); and
● Guidelines for monitoring, which are included in the Risk
Monitoring and Control process.
47 JAIIO | SIE 2018 - Simposio de Informática en el Estado
21. Risk Monitoring and Control
Process
It aims to:
● Monitor and control risks so that adequate
response plans are implemented;
● Follow up on residual risks;
● Identify new risks; and
● Evaluate the effectiveness of risk management.
47 JAIIO | SIE 2018 - Simposio de Informática en el Estado
22. Risk Monitoring and Control
Process
It’s a continuous effort, which must be carried out during all phases of the Risk
Management Process. The Standard ISO/IEC 31010 states that it should be
analyzed and verified:
● The risk assumptions remain valid;
● The premises on which the risk assessment process is based, including the
external and internal context, remain valid;
● Expected results are being achieved;
● The results of the risk assessment process are in line with current
experience;
● The techniques of the risk assessment process are being applied appropri-
● ately; and
● Risk treatments are effective.
47 JAIIO | SIE 2018 - Simposio de Informática en el Estado
23. ISO/IEC 31010
Figure: The risk
management process
as defined in ISO 31010
Source: ISO, 2009
47 JAIIO | SIE 2018 - Simposio de Informática en el Estado
24. Use of KRI for monitoring risks
● The agency defined that the responses and
respective risk control measures previously
established by the applications’ managers will
be monitored, with the purpose of evaluating
the performance and effectiveness, through key
risk indicators - KRI built for this purpose.
● The periodicity of the evaluations will be
monthly.
47 JAIIO | SIE 2018 - Simposio de Informática en el Estado
25. COSO Framework
● In 1992 COSO launched the widespread
framework COSO - Internal Control - Integrated
Framework, which was last updated in 2013,
being ”a conceptual model for the internal
control system, useful for organizations in the
development and maintenance of systems
aligned with business objectives and adapted
to the constant changes in the business
environment.” (COSO, 2013).
● COSO aims to standardize internal control
definitions; define components, objectives and
objects of internal control in an integrated
model; outline roles and responsibilities of
management; establish standards for
implementation and validation; and finally
create a means to monitor, evaluate and report
internal controls.
47 JAIIO | SIE 2018 - Simposio de Informática en el Estado
Figure: Internal Control
Cube. Source: COSO,
2013
26. COSO ERM Framework
● In turn, the work
Enterprise Risk
Management—Integrated
Framework, ”extends its
reach into internal
controls, offering a more
vigorous and extensive
focus on the broader
subject of enterprise risk
management.” (COSO,
2007).
47 JAIIO | SIE 2018 - Simposio de Informática en el Estado
Figure: ERM Cube.
Source: COSO, 2013
27. Definition of key KRI indicators
● Based on the work ”COSO
Corporate Risk Management
- Integrated Framework
(ERM Framework)”;
● Paper ”Developing key risk
indicators to strengthen
enterprise risk
management.”
47 JAIIO | SIE 2018 - Simposio de Informática en el Estado
28. KPIs and KRIs
● Several organizations are currently monitoring their
progress with key KPIs - key performance indicators that
track business goals.
● The BSC - Balance Scorecard methodology, is generally
used to provide the company with an integrated view
because it encompasses indicators of financial
performance, customers, internal processes, and learning
and growth.
● But these indicators do not present information about risk
events that could hit the company because they are based
on past events.
47 JAIIO | SIE 2018 - Simposio de Informática en el Estado
29. KRI advantages
● As a result, COSO encourages the use of Key
Risk Indicators (KRIs) that help:
● Monitor alerts;
● Changes in risk conditions; and
● New risks that may arise in the course of day to
day operations.
47 JAIIO | SIE 2018 - Simposio de Informática en el Estado
30. KRI - Goal
Goal of developing effective key risk indicators is:
● Identify relevant metrics that warn of potential
risks that could have an impact on attainment
objectives of the organization.
47 JAIIO | SIE 2018 - Simposio de Informática en el Estado
31. KRI – Key Elements
● Be based on established practices or benchmarks;
● Be developed throughout the organization;
● Provide unambiguous and intuitive insight into
monitored risk;
● Facilitate measurable comparison between business
units over time;
● Provide opportunities to periodically verify the
performance of risk owners; and
● Consume resources efficiently. (COSO, 2010)
47 JAIIO | SIE 2018 - Simposio de Informática en el Estado
32. Establishing KRI
● In order to define the risks to be monitored and
their respective controls, three specific risk
indicators were defined for the monitoring of
FLOSS applications using the brainstorming
technique.
● In the formal session, IT managers participated
along with the technical and business
managers of the applications to be monitored.
47 JAIIO | SIE 2018 - Simposio de Informática en el Estado
33. Establishing KRI
● As a result, there has been established KRI for
strategic risk and operational risks.
● The legal risk was disregarded in this case for
monitoring through key risk indicators because
it has a low degree of probability and impact.
47 JAIIO | SIE 2018 - Simposio de Informática en el Estado
34. KRI – Strategic Risks
● For strategic risks, the two key risk indicators were:
● The analysis of the application specific security fórum; and
● Monitoring a general security forum, such as https://nvd.nist.gov/.
47 JAIIO | SIE 2018 - Simposio de Informática en el Estado
Fig.: NIST WebSite Front Page. Font: M.H.Fortino
35. KRI – Opertional Risks
1) Monitoring the progress of the open issues and the relation between the open
and closed ones with the purpose of conferring the degree of developer
involvement in the application at the portal https://www.github.com/; and
2) The number of private companies that support the application.
47 JAIIO | SIE 2018 - Simposio de Informática en el Estado
Fig.: GitHub WebSite Front Page. Font: M.H.Fortino
36. FLOSS Key Risk Indicators
Fig.: FLOSS KRI’s. Font: M.H.Fortino
47 JAIIO | SIE 2018 - Simposio de Informática en el Estado
37. Conclusions
● The use of key risk indicators becomes a viable and effective
solution in the task of monitoring the risks of FLOSS
applications.
● The establishment of key risk indicators within the Risk
Monitoring and Control process following the guidelines of
ISO/IEC 27005 and ISO/IEC 31000 with the work Enterprise
Risk Management - Integrated Framework and the COSO
organization article ”Developing key risk indicators to
strengthen enterprise risk management”; facilitate the
identification of errors, security issues, activity of the
application developer community, and enable proactive action
on risk management of FLOSS applications.
47 JAIIO | SIE 2018 - Simposio de Informática en el Estado
38. References
●
Woods, D., Guliani, G.: Open Source for the Enterprise - Managing Risks, Reaping Rewards. O’Reilly, 2005.
●
ABNT-ISO/IEC: ABNT NBR ISO 27005. ISO, 2011.
● ——: ABNT NBR ISO 31000 Gestão de Riscos. ISO, 2009.
● COSO: Developing key risk indicators to strengthen enterprise risk management, 2010. [Online]. Available:
https://erm.ncsu.edu/az/erm/i/chan/library/coso-kri-paper-jan2011.pdf
● SLTI: Instrução Normativa (in04), 2014. [Online]. Available: https://www.governoeletronico.gov.br/
●
MP/CGU: Instrução Normativa (in01), 2016. [Online]. Available: https://www.governoeletronico.gov.br/
● ISO/IEC: ISO Guide 73 Risk management Vocabulary. ISO, 2009.
●
ABNT-ISO/IEC: NBR ISO/IEC 31010:2012, 2012. [Online]. Available:
https://www.abntcatalogo.com.br/norma.aspx?id=89327/
●
PMI: Um guia do conhecimento em gerenciamento de projetos (Guia PMBOK) Quinta Edição. Project Management
Institute, Inc, Pennsylvania, EUA, 2013, vol. 2013.
●
F.F.I.E. Council: Risk management of free and open source software, 2004. [Online]. Available:
https://www.federalreserve.gov/boarddocs/srletters/2004/SR0417a1.pdf/
●
Black Duck Software: Open source security audits, 2017. [Online]. Available:
https://blog.blackducksoftware.com/top-three-operational-open-source-risks/
● ISACA: COBIT 5: Enabling Process. 2012. [Online]. Available: http://www.isaca.org/COBIT/Pages/Product-Family.aspx
●
COSO: COSO - Controle Interno - Estrutura Integrada - Sumário Executivo, PWC, p.20, 2013.
●
——: Gerenciamento de Riscos Corporativos - Estrutura Integrada, PWC, p.135, 2007.
47 JAIIO | SIE 2018 - Simposio de Informática en el Estado
39. Theoretical framework for risk management monitoring,
review and improvement process of FLOSS applications
using key risk indicators - KRI at a public agency
Thank You
47 JAIIO | SIE 2018 - Simposio de Informática en el Estado
Marcelo Horacio Fortino, João Marcelo da Silva, Milvon Lopes dos Santos,
Marcelo Ata de Neto and Marcelo Mafra Leal.ıı
Department of Computer Science, University of Brasılia
Bras lia, DF, 70910-900 Brasil.ıı