Organize Your Program

Functions of an IT Risk Management Program

There are many authoritative sources that can guide you in the formation of your key program functions. Over the years, I have melded my personal experience as a consultant with what I have seen work at companies across a variety of industries using noteworthy frameworks such as NIST and the International Organization for Standardization (ISO).

Figure 3.1 is an example of a program I have implemented and its mapping to the NIST Cybersecurity Framework, which can be accessed online at


Figure 3.1 IT risk management program mapped to the NIST Cybersecurity ...

Get The Business-Minded CISO now with the O’Reilly learning platform.