Not so long ago, information technology (IT) risk occupied a small corner of operational risk – the opportunity loss from a missed IT development deadline. Today, the success of an entire financial institution may lay on managing a broad landscape of IT risks. IT risk is a potential damage to an organisation's value, resulting from inadequate managing of processes and technologies. IT risk includes the failure to respond to security and privacy requirements, as well as many other issues such as: human error, internal fraud through software manipulation, external fraud by intruders, obsolesce in applications and machines, reliability issues or mismanagement. The World Economic Forum provides best information about this problem. They rank a breakdown of critical information infrastructure among the most likely core global risks, with 10-20 % likelihood over the next 10 years and potential worldwide impact of $250 billion. Sustained investment in IT – almost $1.2 trillion or 29% of 2006 private-sector capital investment in the U.S. alone fuels growing exposure to IT risk. Greg Hughes, chief strategy officer in Symantec Corp. recently claimed “IT risk management is more than using technology to solve security problems. With proper planning and broad support, it can give an organization the confidence to innovate, using IT to outdistance competitors”.