IT Policy – Key Concepts
The notes below can be read as a guideline to help an IT professional accomplish their goals.
Key concept: IT Risk. IT Policy can be seen as the “rules” that keep law and order within an organization. IT Risk, in a sense, can be viewed as the outcome of not following IT Policy; thus IT Policy and IT Risk go hand in hand. IT Policy ensures that known risks do not materialize and can help minimize unknown risks.
COBIT5 “drills down” deeper into the concepts introduced in COBIT4; a good example of this is its mention of “risk drivers”.
COBIT5 mentions the following drivers:
“The main drivers for risk include providing:
- Stakeholders with substantiated and consistent opinions over the current state of risk throughout the enterprise
- Guidance on how to manage risk to levels within the enterprise’s risk appetite
- Guidance on how to set up the appropriate risk culture for the enterprise
- Wherever possible, quantitative risk assessments enabling stakeholders to consider the cost of mitigation and the required resources against the loss exposure” [1, pages 22, 24]

[Image: courtesy of Tech Republic]
References:
- ISACA, Basic Foundational Concepts Student Book: Using COBIT® 5. 2014
Acknowledgement:
IT7833 Exercise 2 – Key Concept Methods