Being aware of IT’s greatest risks is not enough.
This phase will help you:
- Actively monitor threats and vulnerabilities.
- Identify risk response actions that will address top risks.
- Perform cost-benefit analyses to assess the effectiveness and appropriateness of risk responses.
- Create a strong paper trail and obtain sign-off for key risk recommendations.
- Communicate IT risk management up to senior leadership and down to IT personnel.