IT audit and IT risk
IT security is fundamental to achieving business objectives—which means that understanding and managing IT risk is also fundamental to achieving business objectives.
IT risk
Why do so many practitioners misunderstand risk?
My apologies in advance to all those who talk about third–party risk, IT risk, cyber risk, and so on. We don’t, or shouldn't, address risk for its own sake. That’s what we are doing when we talk about these risk silos. We should address risk because of its potential effect on the achievement of enterprise objectives.
Is it really possible to control employees' use of company computers?
Policies can help you manage employees' and others' use of company IT resources, and dramatically reduce the potential risk to you and your assets.
