An IT risk assessment is a document that reviews the possible threats your organization faces, natural and/or man-made. These threats are weighted by the likelihood of occurrence and then multiplied by their affect on the operation. The result is a value that you can use to determine if you wish to protect against the threat (mitigate or eliminate it), or ignore it. The threats are based upon known occurrences such as a flood threat or geological fault.
When you assess the risks associated in your IT disaster recovery (DR) environment, you must be objective in the view and more importantly do some research into the likelihood of this risk actually occurring. There are many resources available on the internet to assist in the evaluation of an IT risk assessment, such as FEMA or NOAA.
For more on IT risk assessment and management:
- Five financial risk management action items
- Learn how to minimize your business risks with disaster recovery audits.
- Be prepared for any disaster with these disaster recovery and business continuity templates.
- Find out if your disaster recovery program is mature enough to handle risks associated with your environment in this tip.
- Listen to a podcast on IT risk management in the enterprise.
- Get a chapter excerpt on three core disciplines of information technology risk management.
This was first published in April 2010