Over the past week we have been discussing an overview of IT Governance, Risk, and Compliance as well as diving into each of the components that make up this program. Today we are going to talk about the final piece of the IT GRC puzzle: Compliance.
Earlier this week we discussed IT Governance, Risk, and Compliance (IT GRC) with a specific focus on IT Governance. To read more of that post, click here. Today we are going to focus on the second component of IT GRC, IT Risk.
For consistency, Gartner defines IT Risk as "the potential for an unplanned, negative business outcome involving the failure or misuse of IT" (Gartner, 2012). This is a broad definition that covers many different aspects an organization should be concerned about, and it contains two suggestions about why risk might occur:
In the world of Information Security, acronyms are a way of life. In fact, we often refer to all of these acronyms as "alphabet soup." Keeping track of what they all stand for and what they mean can be challenging. With that in mind, over the next 3 blog posts we are going to dig into one of those acronyms: IT GRC.