IT Risk Management

Roles and Responsibilities

In IT risk management, frameworks such as ISO 27005 and NIST Special Publication 800-39 guide the process, which typically involves:

  1. Identification of assets, threats, and vulnerabilities.
  2. Assessment of risks, often categorized as low, medium, or high.
  3. Prioritization of risks based on frequency and severity.
  4. Risk treatment, which includes options like avoidance, control, acceptance, or transfer.

Common roles and responsibilities in IT risk management are:

  1. Asset Owners: Typically senior decision-makers like vice presidents, responsible for maintaining operational IT systems and deciding on risk treatment options.
  2. Control Operators: Individuals who execute procedures to control risks, such as analysts monitoring for unusual patterns indicating potential attacks.
  3. Compliance Team: Knowledgeable about laws, regulations, and best practices, they guide asset owners on addressing well-known risks to ensure compliance.
  4. Internal Audit Team: Conducts periodic testing of controls to ensure


Sarah
TECH INNOVATION — TECHNOLOGY EXECUTIVE

I am an author of 2 motivational books: Choices and Living Bread for the Soul. I have also written 56 Gospel Hymns and launched a music album.