Single-user edition. A STREAM database configured with PCI DSS v2.0 content for use with the free single-user version of Acuity's GRC software solution, STREAM Integrated Risk Manager (Version 2.0)
Latest Opinions
Risk appetite for information security
Best practice in risk management tells us that we need to understand our risk appetite and measure risk in relation to this. But how do we measure our appetite for information security risk?
Acuity has created a presentation describing requirements, concepts and approaches to setting risk appetite, with some practical examples. Please click on the link below to download the presentation.
Financial crisis - where was the human judgement?
It had been generally accepted that the financial crisis was caused, in part, by an over-reliance on statistical computer models. Banks calculate their Value at Risk (VaR) every day using sophisticated computer modelling techniques based largely on historical data to determine, for example, that there is a less that 1% chance of losing $50 million in the next 10 days under normal market conditions. We are now experiencing the consequences of abnormal market conditions.
Whitepaper - A blueprint for an Enterprise information security assurance system
This paper describes a blueprint for Enterprise Information Security Assurance Systems (ISO 27001) but the principles are applicable to any management system solution, including Quality Management Systems (ISO 9000 series), Environmental Management Systems (ISO 14000 series), Occupational Health & Safety Systems (ISO 18000 series) and Business Continuity Management Systems (BS 25999 series).
