Before identifying and assessing IT's greatest risks, review the following IT risk management fundamentals:
- Benefits of formalized risk management.
- Key terms and definitions.
- Principles of IT risk management.
- Obtaining buy-in and support from the business.
Next, build a framework for IT risk governance by:
- Assessing your current approach to IT risk management.
- Establishing a permanent body within IT tasked with managing risk.
- Setting out clear accountabilities and responsibilities for IT and business stakeholders.