Linda Wilbanks, David R Kuhn & Wes Chou, IT Risks (Feb. 3, 2014) (full-text).
Risk management is a common phrase when managing information, from the CISO to the programmer. Risk management is the identification, assessment and prioritization of risks and reflects how the NIST manages uncertainty. These are some areas of risk that we have come to accept, their mitigation strategies are part of our development, part of our everyday work. Most IT professionals would agree that IT is good at identifying and managing the risks. But is that really the case or has risk management/mitigation become a buzz word?