Understanding the Data Controller's Role under GDPR

The EU and UK General Data Protection Regulation (GDPR) defines the role of the Data Controller, making them responsible for compliance and risk management under data protection laws. Understanding the data controller concept is essential to understand organisational obligations and to manage data protection legal risk. Defining the Data Controller A Data Controller is an entity (natural or legal person, public authority, agency, or other body) that determines the purposes and means of processing personal data. Simply put, they decide why and how personal data is used. ...

3 min

Understanding the Risk Universe - A Guide for Audit and Risk Professionals

A Risk Universe is a comprehensive list of potential events that could impact an organisation’s ability to achieve its goals and objectives. It provides a structured way to identify, assess and prioritise risks - serving as the foundation for frameworks like the risk register, risk appetite statement and audit planning. Risk Universes are typically maintained by Risk or Enterprise Risk Management (ERM) teams and are essential for driving consistency in how risks are recorded, communicated and mitigated across the business. ...

3 min

Using the Monte Carlo method to calculate risk

Monte Carlo is a method that uses repeated random sampling to model a range of possible outcomes and their probabilities, especially useful when there is significant uncertainty about the result. The name Monte Carlo was inspired by the famous casinos of Monte Carlo, reflecting the role of chance in the method. In risk assessment, Monte Carlo methods use repeated random sampling to model the impact of uncertainty, generating a probability distribution of potential losses or gains that can be used to quantify risk, including Value at Risk or expected shortfall. ...

1 min

Value at Risk (VaR)

Value at Risk (VaR) is a statistical measure used to estimate the potential loss of an asset, portfolio, or investment over a specified time period at a given confidence level under normal market conditions. VaR can be used in risk management for risk measurement and assessment. Related pages FAIR, a technique used for cybersecurity and operational risk loss event measurement

1 min

Vendor Exit Strategy

Further reading Cloud Exit Strategies: Why and How to Avoid Vendor Lock-in (ISC2)

1 min