Tech moves fast! Stay ahead of the curve with Techopedia!
Join nearly 200,000 subscribers who receive actionable tech insights from Techopedia.
IT risk management is the application of the principles of risk management to an IT organization in order to manage the risks associated with the field. IT risk management aims to manage the risks that come with the ownership, involvement, operation, influence, adoption and use of IT as part of a larger enterprise.
IT risk management is a component of a larger enterprise risk management system. This encompasses not only the risks and negative effects of service and operations that can degrade organizational value, but it also takes the potential benefits of risky ventures into account.
IT risk management is a process done by IT managers to allow them to balance economic and operational costs related to using protective measures to achieve nominal gains in capability brought about by protecting the data and information systems that support an organization’s operations.
As a general rule, risk is defined as the product of the likelihood of occurrence and the impact an even could have. In IT, however, risk is defined as the product of the asset value, the system's vulnerability to that risk and the threat it poses for the organization.
IT risks are managed according to the following steps: