Risk requires an all-inclusive strategy

 7 March 2006

IT risk is not just about managing and defining IT security but should also encompass projects, architecture, vendors, suppliers and customer satisfaction, according to a new Forrester report.

Risk, like beauty, is in the eye of the beholder. The Forrester report found not only that different parts of enterprises maintain different views and definitions of risk, but also that IT departments take a fragmented approach to defining and managing risk.

However, the good news is that IT organizations are beginning to explore a more holistic view of risk in response to increasing challenges to measure and monitor risk, alongside increased pressure to comply with regulations.

IT is taking a seat at the enterprise risk management (ERM) table, which in turn requires the development of an IT risk management strategy.

This latest Forrester report, available to BCS members in the secure area, looks at the fact that IT tackles risk tactically, missing the big picture.

It explains how to define risk, examines Forrester's taxonomy, and describes how a risk strategy for IT must interface with that of the business as a whole.
