Too often, the technology technicians try to assess and address technology-related risks without putting them in the context of the business.
There is some good guidance out there, though.
In 2009, ISACA published the “Risk IT Framework”. That document and the more recent “COBIT 5 for Risk” provide guidance to practitioners on technology-related risk.
COBIT 5 for Risk defines IT risk as business risk, specifically, the business risk associated with the use, ownership, operation, involvement, influence and adoption of IT within an enterprise. IT risk consists of IT-related…
