Good corporate governance practice requires that the Board and senior management set a clear vision and strategic objectives for their organization. Unfortunately, some constraints may hinder the realization of this vision and these objectives. Such constraints are known as risks.
Risk management is the process of identifying and assessing all potential risks and of introducing controls that mitigate those risks to acceptably low levels. The risk that remains after controls have been applied is the residual risk, and it must be explicitly accepted by management rather than ignored.
Information and IT are critical to the success of any organization; IT risks are therefore also a senior management responsibility.
The History and Essence of Risk
The term risk dates back to the seventeenth century, when mathematicians calculated the risk of winning or losing when gambling....
Keywords: Risk Assessment; Risk Management; Corporate Governance; Residual Risk; Suitable Control