The role of Information Technology in a Risk Management Program

Information Technology has both advantages and disadvantages when used as part of a Risk
Management Program in any organization. Advances in Information Technology, particularly in
the security of data through encryption, help guarantee that the organization will be kept
relatively safe from future risks and threats. "Relatively" is the word used because it is
statistically impossible for any organization to be completely free from risks and threats
throughout its lifetime.

The US Federal government is one example of an organization that has attempted to make its
facilities and systems safer and more secure from external threats by using certain
Information Technology systems. One of these is the use of cryptographic algorithms that
meet the minimum standard of 80 bits of strength, based on cryptographic technology and
Public Key Infrastructure technical know-how. Another is PIV Visual Card Topography. At
present, the Federal government is assessing whether Secure Biometric Match-On-Card
technology should also be integrated into its current systems.

According to one study of the risks faced by Information Technology systems, 66% of the
responding IT executives believe that a major regulatory incident will probably occur at
least once every five years. A major data loss incident is also expected to happen at least
once every five years by 58% of those polled, and 60% think that a major IT incident will be
experienced at least once every year. These figures point to a significant perceived
likelihood of organizational incapacity when it comes to compliance, resulting in excessive
information loss.

Another finding of the same study is that organizations currently seem to be better at
implementing technology controls than at implementing process controls. This may drag down
IT Risk Management as a whole.