Resolving conceptual ambiguities in technology risk management