Introduction
Governance
What you need to know
1. IT Risk Basics
Define IT risk
Collect relevant information
Measure IT risk
2. Threats and Vulnerabilities
Understand threats
Understand vulnerabilities
Protect people
Protect processes
Protect technology
3. Enterprise Risk Context
Prioritize IT risk
Establish an IT risk register
Understand the enterprise risk profile
Three lines of defense
4. Engage Your Stakeholders
Identify key stakeholders
Determine risk appetite and tolerance
Align with business objectives
Align with external requirements
Develop control documentation
Enable informed decisions
5. Improve Your Risk Posture
Collaborate with stakeholders
Develop a risk-awareness program
Train your stakeholders
Promote a risk-aware culture