I’ve noticed that the phrase “real risk” has been in use to mean a number of different things. I write about this in the July @ISACA column.
My @ISACA column was published recently on risk ownership. Its a problem all risk professionals have to deal with at some point in their careers: when IT is expected to own what is ultimately business risk. I use absurdity to illustrate how absurd this is ;-) You can read the column here.