Functions of an IT Risk Management Program
There are many authoritative sources that can guide you in the formation of your key program functions. Over the years, I have melded my personal experience as a consultant and seeing what works at companies across a variety of industries using noteworthy frameworks such as NIST and the International Organization for Standardization (ISO).
Figure 3.1 is an example of a program I have implemented and its mapping to the NIST Cybersecurity Framework, which can be accessed online at https://nist.gov/cyberframework.
You can certainly call your key program components whatever you would like but I prefer these terms as most business stakeholders can relate easier than some “technobabble,” ...
Get The Business-Minded CISO now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
