What’s the difference between a risk, a threat, and a vulnerability? This is worth knowing, because if you can spot the risks in your enterprise and mitigate or eliminate them, you might not have to worry about associated threats.
The man in question is Nassim N. Taleb. He coined the term “Black Swan” in risk management to describe events that are unforeseeable, even highly unlikely, yet that happen and in doing so change the course of history.
IT risk management can be a risk all by itself. Although the principles sound straightforward, applying them incorrectly can lead to wasted effort, mistakes in risk postures, and failure to spot relevant risks or changes in those risks.
When you shove things higgledy-piggledy into your desk drawer just to clear space in your workspace, you have a quick solution. You also have a dirty solution, because trying to find the key to your filing cabinet will take you ages afterwards. Yes, you’ve just experienced technical debt, first hand!
IT risk management is a common thread running through IT investments, IT security, IT disaster recovery, and business continuity.
Sure, as a CIO or IT manager, you know what IT risk management is. It’s all about applying risk management principles to IT, including the adoption, ownership, operation and influence of IT within the larger context of the enterprise. But in terms of risk management language, are these principles communicated properly across the organisation?