Home / Resources / ISACA Journal / Issues / 2025 / Volume 3 / The Measurability of Risk Culture

The Measurability of Risk Culture

A collection of vibrant cubes displaying the text "online exclusive" in a bold font.
Author: Luigi Sbriz, CISM, CRISC, CDPSE, ISO/IEC 27001 L A, ITIL V4, NIST CSF, TISAX AL3, UNI 11697:2017 DPO
Date Published: 18 June 2025
Read Time: 13 minutes
Related: Risk IT Framework, 2nd Edition | Print | English
italiano

Risk culture refers to the system of beliefs, values, attitudes, and behaviors that characterize an enterprise and shape its approach to risk management and decision making. It is an asset that must be established, managed, and measured like any other internal process...

 

Members, login to keep reading.

Not a member but want to read more?
Explore ISACA member benefits today.

Additional resources

Risk Starter Kit
Tool

IT Risk Starter Kit | Digital | English

ISACA created the IT Risk Starter Kit to help users develop an IT Risk Program at their organization. Through detailed templates and guides you’ll be able to...
A collection of vibrant cubes displaying the text "online exclusive" in a bold font.
ISACA Journal Article

The Measurability of Risk Culture

How a system is implemented depends on the organizational culture. Its effectiveness is demonstrated by the risk profile.

Author: Luigi Sbriz
Risk IT Framework
Book

Risk IT Framework, 2nd Edition | Print | English

The Risk IT Framework is designed to assist in developing, implementing or enhancing the practice of risk management by: Connecting the business context with the specific I&T assets. Shifting the focus to activities over which the enterprise has significant control, such as actively directing and managing risk, while minimizing the focus on the conditions over which an enterprise has little control (threat actors).