“IT Risk is well defined by the ISACA organization in the Risk IT Framework.  It says, “IT risk is business risk—specifically, the business risk associated with the use, ownership, operation, involvement, influence and adoption of IT within an enterprise.” This means that IT Risk is no longer relegated to some back office, but is part of how the company evaluates their place and permanence in the market.  I particularly like their line a bit further down, which states, “IT risk always exists, whether or not it is detected or recognized by an enterprise.”  This is the clarion call for risk management.  Either you understand and control your risks, or they will control your business. When you think about it, a company is in business because they are willing to take risks that their customer isn’t willing to do.  As an example, think of a grocery store.  You might think that a grocery store doesn’t engage in risky behavior, but I would disagree.  A grocery store stocks okra.  Okra is a horrible vegetable.  It tastes like slimy green beans.  For a grocery store, okra takes shelf space and represents an investment – hoping that someone will buy it.  Even if you like okra you can recognize that stocking okra represents a risk that many households aren’t willing to take on.  It could rot in the refrigerator or end up as the battleground with finicky children at the dinner table.

Read full news article on CSOONLINE.com