IT & business risks
In most cases, companies only care about the risks of profit, loss, reputation and business continuity.
IT is expected to provide efficient services with maximum availability of the infrastructure and business applications, maintain a disaster recovery plan (DRP) and manage some aspects of information security (mainly firewalls and antivirus).
Information security is seen as a useless and boring topic that only produces constraints and costs for the company.
Regulatory and Standards Compliance Management, Business Continuity Management and Privacy Management are all based on risk management.
All these management disciplines are closely tied to the company's organizational model (organization, places and processes) and to its IT model (applications, infrastructures and data).
In some industries, regulations and standards impose compliance obligations, which include IT risk management and information security.
Policies and procedures are in place, internal control functions are part of the organization, and risk management is part of the corporate culture.
The new European GDPR regulation imposes a risk-centric management of privacy, but there can still be a "disconnect" between business and IT.
The two risk portfolios can differ, and IT risks are considered too technical and difficult for the business to understand.
At the top there are the business and control needs, while at the bottom there is the security management of every single element of the IT infrastructure.
Business and IT seem to be two different worlds, but they share "some" risks.
iqons has developed the concept of «shared risk», a methodology (iq-risk) and the shark (shared risk) suite to guide IT risk management activities and their implications for standards and regulations.