I'm often asked what framework organizations should apply to better manage their IT Risks. While I don't believe there is a "perfect" model to use, COBIT5 is a good framework that takes a wholistic view of the IT function. In addition, the framework highlights two key areas of IT risk management:
- he Top-Down view aligned with Enterprise Risk Management
- The Bottoms-Up view identifying and responding to the IT-specific risks.
In addition, the complementary publication COBIT5 for Risk helps to identify 20 common risk scenarios for organizations to consider when identifying and responding to risks. COBIT5 also aligns to other common frameworks from NIST, COSO, ISO, and PMI allowing organizations to quickly integrate COBIT (or the other frameworks) into their approach. Learn More on ISACA.org.
Is your company looking to adopt a risk management framework? Have you adopted COBIT 5 for Risk? Share your perspectives in the comments.
Comments are closed.