What is Risk Assessment / Risk Management 

"Risk management is the application of risk management methods to information technology in order to manage IT risk, i.e.: The business risk associated with the use, ownership, operation, involvement, influence and adoption of IT within an enterprise or organization." (Source: http://searchcompliance.techtarget.com/definition/risk-management)

There are three high-level steps to risk assessment and management:  

  1. Identification of possible risks. These risks could come from internal sources or from external forces or factors. Internal sources could include processes, gaps in policy, deficits in resourcing, changes in leadership, project priorities, or anything else that puts the project or asset being assessed at risk. External factors could be new laws or regulations, political opinions, company or organization focus, additional competition, infrastructure gaps, or anything else coming from outside the project or organization that may impact the success of the project.
  2. Assessment of the risks.  This 

When to Use Risk Management 

Risk management practices and methods can be used in the following ways:  

Example Tools and Templates

Additional Resources