Information and Communication Technologies (ICT) have become fundamental tools to support business processes. However, its incorporation has brought new and sophisticated threats and vulnerabilities. Therefore, Information Technology risk management is a determining factor to ensure business continuity. One of the first activities that must be addressed in risk management is the evaluation of the organizational context, which results in an understanding of the company around its strategy to manage risks and the role that employees have in the needs of control. This article defines a set of indicators based on COBIT enablers Processes to determine the level of maturity of the organizational context for risk management. Additionally, a strategy focused on human resources for the threats and vulnerabilities evaluation is proposed. The results of its application made it possible to verify that although be defines risk management politics, more than 70% of employees do not fully implement them, so evaluating the organizational context periodically and with clear indicators is essential.