Introduction to IT Risk Management
assets
threat
vulnerability
Over the past decade, the term governance has moved to the forefront of
business thinking in response to examples demonstrating the importance of
good governance and, on the other end of the scale, global business
mishaps.
The corporate governance of IT is the system by which the current and future
use of IT is evaluated, directed and controlled.
The risk identification effort should result in the listing and documentation of
risk.
This step aligns with the next phase of the IT risk management process: IT
risk assessment.
The effort to assess risk, including the prioritization of risk, will provide
management with the data required for consideration as a key factor in
the next phase, risk response and mitigation.
Risk response and mitigation addresses the risk appetite and tolerance
of the organization and the need to find cost-effective ways to address
risk.
A failure in any step of the cycle may cause a deficiency that will
affect the other phases.
Minimized loss
Improved controls
Every business faces the decision of how much risk to take and what
opportunities to forego.
This is a decision that reflects the risk acceptance level of the senior
management.
The risk is that the business continuity plan (BCP) may not be
adequate or accurate, thereby leading to a failure to recover
effectively from an incident.
Control Risk
Project Risk
Change Risk
There are many variables that a risk practitioner must consider and
many decisions that a risk practitioner must make, but the success of
the IT risk management effort is usually based on having an
organization-wide perspective on the management of risk,
following a structured methodology and gathering the correct
information.