As I got to writing about this broad subject, I received a release from Enterprise Management Associates, whose new study on this very same subject (pure coincidence) is both enlightening and disconcerting. "IT risk management is no longer limited to one technology or meant to meet a single regulatory mandate," states EMA research director and study lead Scott Crawford. "It seeks to unify and integrate siloed approaches to managing security, business, technology and trust risks -- aligning them with strategic business objectives to enable the enterprise to consistently manage and measure their control."
True enough. But then the release goes on to say that a "new class of technologies and tools" is available "geared toward flexibility, adaptability, integration and interoperability." This may be the stuff of a business and technology consultant's dreams, but even if these tools are all they're cracked up to be, it's all a bit mind-numbing to the technology pro who wants to get on with real work.
Heaven help us if our nation's IT execs must spend all their waking hours thinking like actuaries, accountants, and lawyers, plotting worst-case scenarios and insulating their organizations not just from risks but also from opportunities.