ABSTRACT

This introduction presents an overview of the key concepts discussed in the subsequent chapters of this book. The book describes the regulatory requirements on governance and risk management that provide the framework around which most organisations construct their risk management systems. It then moves into a discussion of risk management practice rather than theory, and so also includes brief snapshots of risk events and their impact across a wide range of large and small organisations. The book reviews the concept of technology risk and makes clear the important distinction between the broader term technology risk and the more specific term cyber risk. It integrates the lessons learned from case studies and translates these into a list of factors influencing the effectiveness of risk management systems in practice. The book concludes that the ideal scenario, an organisation where everybody is continuously aware of and talks about risk and where the risk of surprise is minimised, is extraordinarily difficult to achieve.