The best way to address the risk associated with new IT investments is to integrate security requirements at the beginning of projects. This means that security is considered as a key factor in the planning, design, development and testing phases of IT projects. By doing so, organizations can ensure that security is built into the IT solutions, rather than added as an afterthought. This can help to prevent or reduce security vulnerabilities, breaches, incidents and costs. Integrating security requirements at the beginning of projects is also consistent with the IT risk management frameworks that recommend a proactive and preventive approach to IT risk management12. References := Proactive IT Risk Management in an Era of Emerging Technologies, IT Risk Management Process & Frameworks