IT Governance, Risk, and Compliance

Mar 8 2013   10:41PM GMT

Risk Management: Is it just another set of business buzzwords? – Part V

Robert Davis Robert Davis Profile: Robert Davis

Usually, IT risk analysis has four primary goals:

  • Identifying assets and their associated values
  • Identifying vulnerabilities and threats
  • Quantifying the probability and business impact of potential threats
  • Providing an economic balance between threat impact and countermeasure cost

Normally, the IT Threat Assessment precedes the IT Vulnerability Assessment. However, Vulnerability Analysis results can identify relevant threats and Threat or Opportunity Analysis results can identify relevant vulnerabilities. The Association of Insurance and Risk Managers, the Association of Local Authority Risk Managers, and the Institute of Risk Management business risk model categories can be mapped into IT risk analysis. For example, usually risk identification, description, and estimation are respectively included as asset valuation, action plan, and risk evaluation sub-processes.


Davis, Robert E. (2011). Assuring IT Governance. Available from and

Davis, Robert E. (2006). IT Auditing: IT Governance. Mission Viejo: Pleier. CD-ROM.


 Comment on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: