IT RISK MANAGEMENT
IT Risk Management is a process of identifying vulnerabilities and threats to information resources used by an organization and performed by IT managers to achieve business objectives, reduce risks, and balance expenses in achieving profit and protect IT. There are two things in this definition that may require explanation. First, the risk management process is a recurring process that takes place. This is a process that has to be repeated indefinitely, due to a flexible or ever-changing business environment that causes new threats to emerge. Second, the control options used to manage risk must maintain a balance between productivity, cost, effectiveness of the mitigation, and the value of the information asset to be protected. IT Risk Management is a form of risk management for information technology. Risk management is intended to enable collaboration and information sharing to facilitate better understanding and approaches to implementing control objectives based on the risks, values and guidelines provided by appropriate control practices.