IT Risk Assessment
by Jim Benlein
It’s hard to think of an information technology initiative or endeavor that doesn’t include or need to include a risk assessment. Moreover, it’s difficult to think of an IT initiative where a risk assessment examines just one threat. Most, if not all, assessments consider multiple possibilities and scenarios.
Doing an IT risk assessment can be confusing and time-consuming unless you have a system in place to help organize matters. By applying the ideas in this article, you can create more efficient and effective IT risk scenarios.
Before getting too far, it’s important to note that while we use “IT” and “technology” in discussing these risk analyses, our focus will be on the effect or impact on Credit Union operations. For our purposes, we will define IT risk as ISACA did in its 2009 The IT Risk Framework:
“…business risk associated with the use, ownership, operation, involvement, influence, and adoption of IT within an enterprise….”
Using this definition means examining IT risks isn’t something simply handed off to IT to handle. Rather, reviewing and examining IT risks requires input and consideration by business process owners. Understanding the impact of a malware infection in the loan department needs input from loan department personnel and management, for example.