Governance, Risk, Compliance and Beyond: The Emergence of Strategic IT Risk Management

  • Published: August 2007
  • Region: Global
  • 50 pages
  • Enterprise Management Associates

In recent years, the number and range of risks facing IT have exploded. From business malfeasance and insider risks to new and more malicious classes of security attacks, enterprises are challenged as never before to contain threats to critical information resources. The introduction of numerous regulatory and industry compliance measures has raised the challenge to the level of mandate: businesses must adopt a more consistent and comprehensive approach to IT governance. In each of these demands, a consistent theme is heard with increasing urgency: the enterprise must take a more strategic approach to IT risk management.

In today’s technology-dependent enterprise, business risk managers increasingly recognize that IT controls are often the key to the management of a wide range of operational risks. Conversely, information technologists are embracing risk management practices in the management of business-critical information resources by:

- Taking a disciplined approach to IT control objectives in domains from performance, availability, configuration, and change management, to business risk, trust and security controls.
- Applying objective metrics for the measurement …

Executive Summary
Background and Context: The Evolution of IT Risk Management
IT Management Is Risk Management
Driving the Trend: Security and Regulatory Compliance
Converging on Goals: Risk Management as the Objective…
…with IT Governance as the Means of Control
The Rise of GRC Platforms
What Does “Strategic” Risk Management Mean in IT?
Strategic Management vs. Strategic Risk
Strategic IT Risk Management and the Scope of This Report
What are the Challenges that Strategic IT Risk Management is arising to Address?
Senior Management Risk Visibility Is Often Blurred Across Silos and Through Layers
IT Operations Struggles to Rationalize Multiple Views of Criticality
Complexity and Proliferation of Technology Point Solutions
“Three P’s” Are Key: Policy, Process and Procedure
Strategic IT Risk Management Lifecycle
Strategic IT Risk Management Scope and Functionality
Qualifying the Landscape: Layers and Segments
The Four Layers of Strategic IT Risk Management
Layer 1
Layer 2
Layer 3
Layer 4
Strategic IT Risk Management Market Segmentation
IT Service, Operations and Security Management
Security Management
IT Service Management and Business Service Management
Information Management
The CMDB
“Next-Generation” Asset Management
Data Protection, Disaster Recovery and Business Continuity
Project Portfolio Management
Identity and Access Management
Configuration Audit and Control
Security Information and Event Management (SIEM)
Content Risk Management
Database Governance and Risk Management
IT Security Risk Management
Further Consolidation Likely
Policy Compliance and IT GRC Systems
Business and Financial GRC with IT Governance or IT GRC Modules
Enterprise Application Platforms and Integrators
Looking Forward: The Future of Strategic IT Risk Management
Advances in the Automation of IT Management
The Evolution of IT Risk Metrics
Increasing Relationships between IT, Business and Financial Risk Management
Business Intelligence (BI) and Enterprise Decision Management (EDM)
Modeling and Enterprise Architecture
EMA’s Perspective
Challenges Facing Strategic IT Risk Management
Lack of Maturity in IT Management
Lack of Consensus Among Stakeholders
Lack of Consensus on “Acceptable” IT Risk
Recommendations
Make the Most of Shared Opportunities
More Than Cooperation, Active Participation among Stakeholders Is Vital
Consensus Must Be Grounded in Reality
Make Room for Agility in Responding to Rapidly Changing Perceptions of Risk
Toward IT Risk Management Maturity
Related and Upcoming EMA Research
Appendix A: Indicators of Maturity in Strategic IT Risk Management
Appendix B: Definitions

Today’s enterprise faces a daunting range of IT risks, from security, business malfeasance and insider threats, to those facing business-critical IT service availability, performance and integrity. In response, regulatory compliance has driven the pursuit of more effective IT governance. IT risk management has become the lynchpin of all these demands. The challenge is complex. Different groups each have their own view of risk, in a multitude of technology domains. Bringing coherence to this challenge is the goal of a more strategic approach to IT risk management. In this study, EMA takes a look at the trends and technologies defining a new initiative—Strategic IT Risk Management—where a coherent approach to developing an enterprise risk strategy is driving a more comprehensive view of governance, risk and compliance management, and shaping new ways to define and manage risks throughout IT.
