Technology Risk Programs
Technology risk includes cybersecurity risk, but it is much wider in scope than that. Cybersecurity is about protecting oneself from attack - essentially the equivalent of making sure no one steals your data and no one gets into your network without authorization.
Technology risk, by contrast, also covers the controls that need to be in place to protect against the entire range of technology failures - from ensuring adequate capacity, to managing outages, to making sure planned changes go in smoothly.
Generally, Technology Risk includes the following programs:
Managing policies
Technology risk management framework
Managing the control framework
Building and maintaining the control framework
Control self-assessment/testing
Technology risk appetite
Measuring policy compliance
Building a control framework
IT governance
Managing risk committees
Managing to and reporting on risk appetite
Risk assessments:
  Application risk assessments
  Infrastructure risk assessments
  Process risk assessments
Issue Management - including managing policy & control exceptions
Disaster recovery and business resilience
Identity and access management
Third party risk
Change management
Production control and security incident management
Project management risk
Legacy hardware and software (EOL)
Privacy and compliance program support
Emerging risk reviews
Employee training and awareness
Shadow IT/End user computing
Audit management
Others:
  Hardware and software inventory maintenance
  Software license compliance
  Emerging risk reviews
  Remote workplace infrastructure
  IT Inventory maintenance (h/w and s/w)