Aligning IT teams' risk management to business requirements

Achieving alignment of risk perception, assessment, and tolerance among and between management teams within an organisation is an important foundation upon which an effective enterprise information security management strategy can be built .We argue the importance of such alignment based on information security and risk assessment literature. Too often lack of alignment dampens clean execution of strategy, eroding support during development and implementation of information security programs . We argue that alignment can be achieved by developing an understanding of enterprise risk management plans and actions, risk perceptions and risk culture. This is done by examining context, context and process. We illustrate this through the case of LeCroy Corp., illustrating how LeCroy managers perceive risk in practice, and how LeCroy fosters alignment in risk perception and execution of risk management strategy as part of an overall information security program. We show that in some circumstances diversity of risk tolerance profiles aide a management teams’ function. In other circumstances, variances lead to dysfunction. We have uncovered and quantified nonlinearities and special cases in LeCroy executive management’s risk tolerance profiles.