Developments in Practice XXXIII: A Holistic Approach to Managing IT-based Risk
Why this work is in the frame
A frame that forgets how it found something cannot be audited. These are the routes that admitted this work.
Bibliographic record
Abstract
Not long ago, IT-based risk was a fairly low-key activity focused on whether IT could deliver projects successfully and keep applications up and running. But with the opening up of the organization’s boundaries to external partners, service providers, external electronic communications, and online services, managing IT-based risk has morphed into a “bet the company” proposition. Not only is the scope of the job bigger, the stakes are much higher. As companies have become more dependent on IT for everything they do, the costs of service disruption and inadequate security practices have escalated exponentially. Therefore, the job of managing IT-based risk has become broader and more complex. Whereas in the past companies have sought security through physical or technological means (e.g., locked rooms, virus scanners), there is now growing understanding that managing IT-based risk must be a strategic and holistic activity that is not just the responsibility of a small group of IT specialists, but part of a mindset that extends from partners and suppliers to employees and customers. This paper explores how organizations are addressing and coping with increasing IT-based risk. It presents the results of an in-depth discussion of this issue with 20 senior IT practitioners and the challenges facing them. It proposes a holistic view of risk and examines the characteristics and components needed to develop an effective risk management framework, presenting a generic framework for integrating the growing number of elements involved in it. Finally, it describes successful practices organizations could use for improving their risk management capabilities.
Fetched live from OpenAlex and de-inverted. Abstracts are not stored in this database: the inverted indexes are 8.6 GB of the frame’s 9.3 GB of text, and the host has 13 GB free.
Full frame distilled prediction
Teacher imitationNot calibrated prevalence, not ground truth. Human validation pending. Learned from the 10,348 direct Codex labels and 10,348 direct Gemma labels. Candidate is the union of thresholded teacher heads; consensus is their intersection. These outputs are machine_predicted_unvalidated and are not human labels or direct frontier model labels.
Codex and Gemma teacher scores by category
| Category | Codex | Gemma |
|---|---|---|
| Metaresearch | 0.006 | 0.012 |
| Meta-epidemiology (narrow) | 0.000 | 0.000 |
| Meta-epidemiology (broad) | 0.000 | 0.000 |
| Bibliometrics | 0.000 | 0.001 |
| Science and technology studies | 0.001 | 0.000 |
| Scholarly communication | 0.000 | 0.001 |
| Open science | 0.002 | 0.000 |
| Research integrity | 0.000 | 0.000 |
| Insufficient payload (model declined to judge) | 0.000 | 0.000 |
Machine scores (provisional)
The two teacher heads of the student model, read on this work. A score orders the frame for review; it never asserts a category, and the validation status ships verbatim with every row.
Baseline scores from an immature model (maturity gate not passed, 7 training rounds). Scores rank; they never assert a category.
score_only:v0-immature-baseline · verbatim from the scoring run: score_only means the number may rank works, and no category label ships from it