Technology Governance
The board of directors and senior management of an organization are accountable for technology risk and are expected to direct and monitor risk management efforts.

Risk Management Framework
Implementing structures, roles and responsibilities, practices and processes for controlling technology risk.

Risk Identification
The continuous process of identifying technology risks.

Risk Analysis
Developing an understanding of the context, impact and probability of each identified risk.

Risk Treatment
Developing and implementing treatments for identified risks. Common treatments include risk avoidance, mitigation, transfer, sharing and acceptance.

Risk Monitoring
Monitoring and reporting of risk.

Service Management Framework
The structures, processes and tools for operating technology services.

Incident Management
Handling failures that occur. A tactical process that seeks to quickly minimize impact.

Problem Management
The process of identifying and addressing the root cause of failures. A strategic process that learns from failure to drive improvement.

Change Management
Controlling change to technology environments.

Configuration Management
Ensuring that changes to technology are traceable.

Capacity Management
The process of efficiently scaling technology to meet business demands.

IT Asset Management
Control of technology assets, including financial, contractual and lifecycle considerations.

Lifecycle Management
Identifying and managing risks related to aging technologies and equipment. For example, planning to replace software that is no longer supported by its vendor.

Patch Management
Tracking and implementing patches, particularly security patches.

Identity & Access Management
Secure processes for granting access to technology and information resources, including appropriate separation of concerns.

Information Security
The defense of information and information systems from unauthorized access, use, disclosure, modification or disruption. Includes system security, data loss prevention, technology infrastructure security and network security.

Physical Security
Physically securing information resources and related facilities such as offices and data centers.

Security Monitoring
Security monitoring of platforms, hosts, networks, systems, applications and databases. Large organizations may have a dedicated information security operations center for this purpose.

Defensive Computing
Training all employees to be aware of defensive computing practices.

Customer Protection
Extending your security efforts to customers. For example, helping customers to secure clients such as web browsers that are used to access your services.

Outsourcing Management
Managing technology risks related to external partners. This includes due diligence in selecting partners and monitoring their performance.

Project Management
Controlled planning and execution of technology projects.

IT Standards
Developing and operating technology resources according to standard policies and practices such as secure coding guidelines.

Security Requirements
Developing and implementing security requirements for technology projects.

Security Testing
Code reviews and security testing, including penetration tests.

Encryption
Adequate encryption of sensitive information in transit, in use and in storage.

Key Management
The process of securing encryption keys.

Reliability Engineering
Designing platforms, systems, applications, infrastructure and facilities for resilience.

Audit Trail
Ensuring that technology operations and events are recorded with sufficient detail to be reconstructed for the purposes of investigation and audit.

Data Backup
Secure and resilient processes for backing up data.

IT Audit
Periodic or ongoing evaluations of technology controls.

Overview: Technology Risk Management
Definition: The direction and control of an organization to manage technology risk.