¶¶ÒõÉçÇø¶ÌÊÓƵ

IT/IS Risk Management is formally defined as the total process of identifying, controlling, and managing the impact of uncertain harmful events, commensurate with the value of the protected assets, to avoid risk or reduce it to acceptable levels. This process includes both the identification and assessment of risk through risk assessment, analysis, and the initiation and monitoring of appropriate practices in response to that analysis through a risk management program. The ¶¶ÒõÉçÇø¶ÌÊÓƵ CISO shall develop and maintain an IT/IS risk management standard, processes and procedures for support of risk management across the ¶¶ÒõÉçÇø¶ÌÊÓƵ and support of activities between participant organizations. He/she shall maintain IT/IS risk management implementation standards that the individual ¶¶ÒõÉçÇø¶ÌÊÓƵ participant organizations must consider in the development of their individualized IT/IS risk management plans.