
Managing IT risk

Many companies embrace converged risk mitigation and IT security practices, but some believe that strategy won't win the game in the long run. While some risks can be directly perceived and easily managed, other risks can only be perceived with the aid of science or technology. Traditional risk management methodologies are great at managing these risks, which include several information security risks. But because the chances of many security incidents happening, and the damage resulting from such incidents, are difficult to quantify, traditional risk management methodologies can be hard to apply in such situations.

The most difficult type of risk to mitigate is virtual risk: risks where science and technology cannot provide a definitive understanding. In these cases, it's largely a matter of who you believe and who you trust. This leads to situations in which some virtual risks are deemed very serious despite the absence of any evidence supporting this position.

Because many information security risks cannot be understood and managed using traditional risk management methodologies, integrating information security with other corporate risk management functions may cause more problems than it solves. In most scenarios, the best solution is probably to understand the differences between the types of risk that exist and to manage them appropriately. Unifying information security and other corporate risk management organizations may not always be the best way to do this.

Read more about managing IT risk:
- Read the article at E-Commerce Times
