IT Risk Management

  • S.H. von Solms
  • R von Solms


Good Corporate Governance practices determine that a Board and Senior Management must set a clear vision and strategic objectives for their organization. Unfortunately some constraints might hinder the realization of this vision and strategic objectives. These constraints are known as risks.

As the Board and Senior Management are ultimately responsible for the well-being of the organization, they must ensure that all risks are properly addressed. For this reason, Risk Management is definitely their responsibility.

Risk Management is the process of identifying and assessing all potential risks, as well as introducing controls that should mitigate all these risks to acceptably low levels.

Information and IT are critical to the success of any organization and, therefore, IT risks are also a Senior Management responsibility.

The History and Essence of Risk

The term risk dates back to the seventeenth century when mathematicians calculated the risk of winning or losing when gambling....


Keywords: Risk Assessment, Risk Management, Corporate Governance, Residual Risk, Suitable Control



Copyright information

© Springer Science+Business Media, LLC 2009

Authors and Affiliations

  • S.H. von Solms, University of Johannesburg, South Africa
  • R von Solms, Nelson Mandela Metropolitan University, South Africa
