Guidelines to manage increased IT risk

From cyberattacks and malicious employee actions to hacks into corporate social media accounts, 2013 is turning out to be a watershed year for technology-related enterprise threats.

Organizations must integrate technology risk much more aggressively into enterprise risk management (ERM) if they want to reduce future loss and improve business performance, according to ISACA.

Mismanaging IT risk can reduce business value, create financial loss, damage corporate reputation and overlook promising new opportunities. According to a study by the Project Management Institute, every billion dollars that an enterprise spends represents $135 million in risk.

ISACA’s COBIT 5 for Risk, developed by a global committee of risk professionals, provides a detailed guide to governing and managing IT risk in the face of today’s unpredictable threats.

he publication, which replaces the former Risk IT framework, also includes guidance on how COBIT 5 supports risk management and governance and how to set up and maintain an effective and efficient risk function based on COBIT’s seven enablers:

• Principles, policies and frameworks
• Processes
• Organizational structures
• Culture, ethics and behavior
• Information
• Services, infrastructure and applications
• People, skills and competencies.

The guide is available here, $35 for members, and US $175 for non-members.