ORGANIZATIONS MUST CONSTANTLY COPE with change. Shareholders exert new pressures. Governing bodies pass new legislation and set new standards. Organizations must maintain supply chains connecting their suppliers and their customers. Staying competitive means developing strategies to meet business goals. Responding to these changes might require that the organization shift personnel, alter the IT organization, and rearrange logistics. Any of these changes increases risk. The structure of your organization reflects its culture. Likewise, the culture affects your organization’s commitment to protecting information and the people and infrastructure that support it.

The way your organization manages risk ...