IT Governance, Risk, and Compliance

Apr 1 2011   6:32PM GMT

Managing the Dynamic Uncertainties of IT – Part VII

Robert Davis Robert Davis Profile: Robert Davis

An IT risk assessment can classify information assets by criticality, sensitivity, and impact on operations. For most entities, comprehensive IT risks evaluations should be iterative and adaptive processes. Therefore, adequate IT risk management normally requires quarterly risk assessments to ensure established risk tolerance levels are maintained. Simultaneously, risk assessments should be considered whenever there is a change in the entity’s operations or use of technology, or when outside influences affect operations. However, unless mandated by law or regulation, risk assessment costs should not outweigh benefits derived from managerial due diligence.

View Part I of the Managing the Dynamic Uncertainties of IT series here

 Comment on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: