As IT security programs mature and start to work more closely with other parts of the business, they are expected to function and communicate in business terms. This has led many information security professionals to begin adopting more business-focused IT risk management practices. Forrester uses key elements of enterprise risk management standards as well as lessons learned from successful customer examples to provide guidance for building a formal IT risk management program that communicates well with, and adds value to, the rest of the organization.