Software Engineering Institute

Technical professionals are often called on to research, recommend, implement, and execute IT risk assessment and analysis processes. These processes provide important data used by management to responsibly grow and protect the business through good decision making for mitigating, accepting, transferring, or avoiding risk. These decisions must account for IT risks caused by emerging threats to the enterprise and vulnerabilities in the people, processes and technologies required for digital business.

Which method you choose for IT risk assessment and risk analysis is far less important than ensuring that the selected methodology is operationalized and a good fit for the corporate culture. The selected approach must be able to produce output that is meaningful to management, and supporting processes must account for assumptions, documentation, and potential gaming of the system. Tools should be leveraged, where possible, to ease method adoption.

In this podcast, Ben Tomhave and Erik Heidt, research directors with Gartner Technical Professionals, discuss methods for IT risk assessment and analysis and comparison factors for selecting the methods that are the best fit for your organization.