What is an IT risk assessment, and how can you properly evaluate the risks in your environment?
An IT risk assessment is a document that reviews the possible threats your organization faces, natural and/or man-made. Each threat is weighted by its likelihood of occurrence and then multiplied by its effect on the operation. The result is a value that you can use to determine whether to protect against the threat (mitigate or eliminate it) or ignore it. The threats are based upon known occurrences, such as a flood threat or a geological fault.
When you assess the risks associated with your IT disaster recovery (DR) environment, you must be objective and, more importantly, do some research into the likelihood of each risk actually occurring. There are many resources available on the internet to assist with an IT risk assessment, such as FEMA or NOAA.