IT failure (whether crashes, security vulnerabilities, or project failure), the consequences could be very serious.
According to the
for business executives, understand IT related risk is still difficult challenge, after all, many experts are not in charge of the technical aspects of the. Less technical background, how to improve enterprise management risk management, to ensure that the company’s strategic objectives can be achieved, without the risk of IT drag.
ITGI recently published "information risk: who should be responsible?" Provide the following recommendations:
The board of directors of the audit committee of
IT control appears weakness must be immediately get the attention of supervisor. After the approval of the new head of the IT proposal, should grasp the risk and profit, identified in the proposed strategic plan, the two clearly into account. Supervisors also need to do risk assessment on a regular basis, put out an action plan to solve the risks.
At the end of operation (
is the actual person used IT service) must take operation related risks, including the risks related to the use of IT and. IT service providers should provide consultation, cooperation and business management, determine the safety measures for you.