O'Reilly logo

Beating IT Risks by Luke Silcock, Ernest Jordan

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Chapter 3. IT risk portfolio

Having established that you can't do without IT, that IT risks are significant and need to be managed properly, the question then turns to how IT risks should be managed. Certainly this is one of the first questions you should expect from your key IT governance participants!

The IT risk portfolio approach that is described in this chapter enables proactive management of IT risks by providing a structure for business managers to apply when considering the different classes of IT risk, making management decisions and taking action.

When implemented into your organization, systematic and repeatable processes will ensure that important IT risks are identified, confronted, addressed and managed.

Introducing the IT risk portfolio

As IT risks are all, ultimately, also business risks, it is necessary for the management of IT risks to integrate into your wider business risk management context.[11]

There is a need for IT experts, specialized in a particular class of IT risk, to provide advice to management and carry out necessary specialist activities, such as advising on external network connectivity and recommending security measures. However, it should not be necessary for each of these specialists separately to build the 'bridge of understanding' across the void that invariably exists between business managers and IT experts over these specialist topics.

More useful is a single integrated IT risk management approach that both business managers and IT specialists ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required