The Risk IT framework addresses many issues enterprises face today, notably their need for:
1. An accurate view of current and near-future IT-related risks throughout the extended enterprise and the success with which the enterprise is addressing IT risk
2. End-to-end guidance on how to manage IT-related risks, beyond both purely technical control measures and security
3. Understanding of how to capitalise on an investment made in an IT internal control system already in place to manage IT-related risk
4. When assessing and managing IT risk, integration with the overall risk and compliance structures within the enterprise
5. A common framework/language to help manage the
1. “Respect for the individual.”
This respect should be for each and every individual, including the ones who are believed to be violating your security policies and procedures.
2. “Excellent service to the customer.”
This applies to both internal and external customers and at every level of the security organization.
3. “Excellence as a way of life.”
Every action should always be done to the best of one’s ability.