For this reason, organisations
find themselves in a position where they do not have the correct
approach to identify, assess and treat IT security risks.
Employing a formal risk based approach in managing IT security
risk assist in ensuring that risks that matter to an organisation
are accounted for and as a result, receive the correct level of
attention.