Our own Orbus Software consultant Russel Jones presents his latest IT GRC paper, this time defining the key infrastructures that should be in place to make for a well-defined IT-related risk management program. Download your copy to use as a guide for identifying and understanding IT related risk, developing and implementing risk management processes, and making use of risk management tools and techniques.

IT Risk Management is an important capability for any organization that relies on information technology. IT-related risks can be defined and the business risks associated with the adoption and use of IT.

The use of IT to support many core functions in business today has led to an increase in cyber-crime. This has resulted in an increased focus on properly securing businesses information and technology resources, and identifying and controlling security risks timeously. As such, the identification, management and control of IT-related risks requires a formal risk management program.

In order to define, implement and manage an effective risk management program, the following activities and outcomes should be in place:

• Identification and understanding of IT related risk;

• Developing and implementing risk management processes;

• Defining a risk model and using various tools and techniques for risk management

   o Including the implementation of principles and policies for risk mitigation and controls;

• Developing a risk assessment approach o Making use of risk management tools and techniques.

In this paper we will discuss these activities in more detail, and identify the key outcomes of a well-defined IT-related risk management program.

Login to continue reading or register now to download the ebook.