“Most companies use technology to collect, process, store, access, and communicate information that aids strategic decision making. Keeping that information secure is critical.”
IT risks can come from various internal and external sources in different functional areas. Only a small proportion of total IT risks are due to technical failures. Most information system vulnerabilities come from ignorance of or negligence in very controllable activities carried out throughout the company, such as the failure to prevent unauthorized access to areas that should be secure. With the increased dependence on IT and the related impact on daily operations, the responsibility of IT risk management has become an issue for the whole company rather than the sole responsibility of those in IT.