The COBIT 2019 framework includes a holistic approach to managing cyber risks. Although the framework consists of 40 objectives, in this article we will discuss the one objective most relevant to cyber risk management – ‘managed risk’ (APO12). We emphasize the need to leverage experienced cybersecurity professionals who fully understand risk in technology infrastructure.
The COBIT 2019 objective on ‘managed risk’ includes detailed guidance on specific practices, metrics and information flows with inputs and outputs. This objective, in the ‘Align, Plan & Organize’ (APO) domain of the framework, can be used specifically for managing cyber risk within an organization’s overall enterprise risk management (ERM).