Hi,
I am writing a research paper on IT risk. Here is an introduction and brief review of definitions used across the IT Industry:
http://sysaffairs.org/79-channels/it-risk-management/2-on-it-risk-definition-part-1.html
Does any of these definitions reflect the real nature of IT risk? How would you define IT risk?
Your opinion will be highly appreciated.
Regards,
Rubina
Replies
Thank you for your comment. I agree with you that IT Security risk is just one category of IT risk; there are many more categories of IT-related risk (e.g., safety, business, project).
It seems that neither generic risk management frameworks (e.g., ISO 31000, COSO Enterprise Risk Integrated Management Framework), nor those that claim they are IT specific (e.g., ISACA Risk IT Framework and ITIL) can prove useful for IT endeavours.
How would you define “IT risk” vs “Information risk”?
I gave the definitions of "technology" and "IT" in the second article:
http://sysaffairs.org/channels/risk-management/9-what-generates-unc...
but I didn’t make a distinction between “IT risk” (or IT-related risk) and “information risk”.
Again, thank you,
Rubina
Hmm, as an ex-IT Risk Manager, I would actually skip "IT Risk". I think the evolutionary step should be directly from "IT Security" to "Information Risk"...