Press Release


 Cyberattacks, Insider Threats, Social Media Hacking: New COBIT 5 for Risk Provides Guidelines to Manage Increased IT Risk 

Rolling Meadows, IL, USA (24 September 2013)—From cyberattacks and malicious employee actions to hacks into corporate social media accounts, 2013 is turning out to be a watershed year for technology-related enterprise threats. Organizations must integrate technology risk much more aggressively into enterprise risk management (ERM) if they want to reduce future loss and improve business performance, says a new guide from global IT association ISACA.

Mismanaging IT risk can reduce business value, create financial loss, damage corporate reputation and overlook promising new opportunities. According to a study by the Project Management Institute, every billion dollars that an enterprise spends represents $135 million in risk. ISACA’s COBIT 5 for Risk, developed by a global committee of risk professionals, provides a detailed guide to governing and managing IT risk in the face of today’s unpredictable threats.

“The 2013 risk landscape is unprecedented, marked by deliberate employee actions like the Snowden leaks, denial-of-service attacks against major banks, hacks into prominent Twitter and Facebook accounts, and cyberattacks against both businesses and government,” said Steven Babb, chair of the COBIT 5 for Risk Task Force. “It’s no longer enough to identify a risk and add it to a risk register. COBIT 5 for Risk provides key guidance on tying IT risk directly to strategic business outcomes.”

COBIT 5 for Risk is based on the globally recognized COBIT 5 framework for the governance and management of enterprise IT. The guide provides 20 risk scenario categories with potential responses. These scenarios include employee sabotage and theft, data breaches, disclosure of sensitive information through social media, industrial espionage, and support for innovation.

The publication, which replaces the former Risk IT framework, also includes guidance on how COBIT 5 supports risk management and governance and how to set up and maintain an effective and efficient risk function based on COBIT’s seven enablers:

  • Principles, policies and frameworks
  • Processes
  • Organizational structures
  • Culture, ethics and behavior
  • Information
  • Services, infrastructure and applications
  • People, skills and competencies

COBIT 5 for Risk is based on ISACA’s broad expertise as a global leader in IT risk governance, education and certification. ISACA established the Certified in Risk and Information Systems Control (CRISC) credential in 2010. In 2013, it was awarded the Best Professional Certification Program Award from SC Magazine, and is among the highest-paying IT certifications named in the latest Foote Partners’ IT Skills and Certifications Pay IndexTM (ITSCPI).

The guide is intended for:

  • Risk professionals, to help them manage risk and incorporate IT risk into enterprise risk management (ERM)
  • IT and business management, to help them understand how to identify and manage IT risk, and how to communicate IT risk to business decision makers
  • Boards and executive management, to help them understand the implications of IT risk on the enterprise’s strategic objectives—and how to optimize IT for successful strategy execution

COBIT 5 for Risk can be purchased from The COBIT 5 framework publication can be downloaded free of charge at



With more than 110,000 constituents in 180 countries, ISACA ( helps business and IT leaders maximize value and manage risk related to information and technology. Founded in 1969, the nonprofit, independent ISACA is an advocate for professionals involved in information security, assurance, risk management and governance. These professionals rely on ISACA as the trusted source for information and technology knowledge, community, standards and certification. The association, which has 200 chapters worldwide, advances and validates business-critical skills and knowledge through the globally respected Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in the Governance of Enterprise IT (CGEIT) and Certified in Risk and Information Systems Control (CRISC) credentials. ISACA also developed and continually updates COBIT, a business framework that helps enterprises in all industries and geographies govern and manage their information and technology.

Participate in the ISACA Knowledge Center:

Follow ISACA on Twitter:

Join ISACA on LinkedIn: ISACA (Official),<

Like ISACA on Facebook:



Kristen Kessinger, +1.847.660.5512,
Joanne Duffer, +1.847.660.5564,