Originally posted here by genXer
I am wondering if IT is doing a risk assessment? Catch/cabby80 - have you seen IT do risks assessements? Should they? It seems logical that they should...
Not impossible, just hard to implement. I work in a large organisation that is currently looking at a self assessment program for certain aspects of ICT operations. However, the program also comes with well developed policy and is supplemented by assessment and auditing by a governing security authority. So realistically a hybrib between the two.