Build an IT Risk Management Program
If you're already a member, click here to log in.
Major Business Pain Points
Recommendations
Key Points
1. IT risk is business risk.
Every IT risk has business implications. Create an IT risk management program that shares risk accountability with the business.
2. Risk is money.
It’s impossible to make intelligent decisions about risks without knowing what they’re worth.
3. You don’t know what you don’t know.
And what you don’t know can hurt you – so find out. To find hidden risks, you need a structured approach.
Approach
Methodology and Tools
Executive Brief
Read the concise Executive Brief to find out why you should build an information security strategy and review the methodology.
1. Review IT risk fundamentals and governance
Assess the current maturity of IT risk management, identify key stakeholders, and establish a governance framework.
2. Identify and assess IT risk
Identify and assess all of IT’s risks.
3. Monitor, communicate, and respond to IT risk
Establish monitoring responsibilities, identify risk responses, and communicate priorities to the business.
All resources on this page are provided to Cyber Leadership Hub members under license from third parties including Info-Tech Research Group Inc, a global leader in providing IT research and advice.