What is Risk Assessment / Risk Management
"Risk management is the application of risk management methods to information technology in order to manage IT risk, i.e.: The business risk associated with the use, ownership, operation, involvement, influence and adoption of IT within an enterprise or organization." http://searchcompliance.techtarget.com/definition/risk-management.
There are three high-level steps to risk assessment and management:
- Identification of possible risks. These risks could be from internal sources or external forces or factors. Internal sources and could include processes, gaps in policy, deficits in resourcing, change in leadership, project priorities or anything that puts the project or asset that is being assessed at risk. External factors could be new laws or regulations, political opinions, company, organization focus, additional competition, infrastructure gaps or anything that is coming from outside the project or organization that may impact the success of the project.
- Assessment of the risks. This
When to Use Risk Management
Risk management practices and methods can be used in the following ways:
- Assessment and management of risk for a specific topic like privacy or security.
- Assessment and management of risks during the lifecycle of a project.
- Assessment of risks when creating a Business Continuity Plan for continuing business after a disaster or crisis that has impact on electricity, internet availability, server use or software use.
Example Tools and Templates
Additional Resources