IT Risk Management Posture
As dependence on IT grows, IT risk is emerging as a agement. Not surprisingly, attendees defined risk in many
significant component of the total business risk compa- different ways. However, most agreed that categories of
nies face today. IT system failures are becoming synony- IT risk include:
mous with business failures – and companies are realizing • Security – The risk that internal and external threats
they must embrace a new approach to managing IT risk, may result in unauthorized access to information.
performance, and cost in order to generate capacity for • Availability – The risk that information might be
continued innovation through IT. inaccessible due to unplanned system outages.
While concern about IT risk is on the rise, confidence • Performance – The risk that information might be
about current capability to manage IT risk is generally inaccessible due to performance bottlenecks.
quite low. In February 2007, Symantec published the • Compliance – The risk of violating regulatory manIT Risk Report, which analyzed results from a year long dates or failing to meet internal policy requirements.
study based on interviews with more than 500 IT execu- Most companies noted that before they can address
tives and professionals. Sixty percent of study participants IT risk, they must first assess risk exposure, quantify the
indicated they expect at least one IT incident to affect impact of IT risks to the business, and prioritize invest-their organization every year. ments accordingly.
During the last eight months, Ziff Davis Media con- The stakes are high. “We can’t afford to be on the front
ducted a series of IT executive round-table discussions, page of The Wall Street Journal,” said a vice president of
sponsored by Symantec, to better understand the issues IT at a major financial institution. Indeed, companies
companies are facing when dealing with IT Risk Man- are increasingly coming to realize that outages and
IT Risk Assessment and Management Process
of IT Risks