Risk Management in IT: Another step for Quality

process cycle (Image courtesy of basketman / FreeDigitalPhotos.net)


Welcome to CodeSpread!

What is Risk?

Risk is uncertainty. Here it refers to a situation where it is difficult to decide whether a particular event will occur or not, and, if it does occur, what impact it will have on a project.

One common measure of an IT risk is the product of the threat, the vulnerability and the value of the affected asset (each rated on an ordinal scale such as 1 to 5):

Risk = Threat * Vulnerability * Asset

What is Risk Management?

As the name suggests, it is the management of risks, or of their impact, so that they have minimal or no effect on the project. Risk management is about reducing the likelihood and impact of risk to an acceptable level; it does not mean avoiding every risk.

It is a recurrent activity that covers the analysis, planning, implementation, control and monitoring of the implemented measures and of the enforced security policy.

There are four simple steps required to be followed:

  1. Identify Risks: Identify any IT risks and document every detail about them, such as their source, the kind of risk, the area of impact and the probability estimate, in a centralized location (a risk register).
  2. Evaluate, Categorize and Prioritize risks: Evaluate the risks by performing IT risk assessments and computations based on proven methodologies. Next, categorize them. Lastly, rank them by score; this enables managers to prioritize their response strategies.
  3. Develop and Implement Risk Response/Mitigation plans: Risk mitigation is a systematic methodology in which Key Risk Indicators (KRIs) are established to help predict the risks and to feed the risk assessment model. For each risk, one of the following response options is chosen and recorded.
    Following are the options:

    • Risk Assumption. To accept the potential risk and continue operating the IT system, or to implement controls that lower the risk to an acceptable level.
    • Risk Avoidance. To avoid the risk by eliminating its cause and/or consequence (for example, by decommissioning the system or function that carries it).
    • Risk Limitation. To limit the risk by implementing controls that minimize the adverse impact of a threat exercising a vulnerability.
    • Risk Planning. To manage the risk by developing a risk mitigation plan that prioritizes, implements and maintains controls.
    • Research and Acknowledgement. To lower the risk of loss by acknowledging the vulnerability or flaw and researching controls to correct it.
    • Risk Transference. To transfer the risk by using other options to compensate for the loss, such as purchasing insurance.
  4. Monitor Risk Status: Once the management process is in place, the implemented security measures must be regularly monitored and reviewed. Business requirements, vulnerabilities and threats change over time, so this activity ensures that the measures keep working as planned and that changes in the environment do not silently push a risk back above the accepted level.
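The four steps above as a small, runnable risk register. This is an added example, not code from the original post: it scores each entry with the article's Risk = Threat * Vulnerability * Asset heuristic (the 1-to-5 ordinal scale, the tolerance of 20 and the sample risks are assumptions made for illustration), prioritizes the register, records one of the response options listed above together with the residual factors, and finally flags the entries whose residual score still breaches the tolerance, which is what the monitoring step checks.

```python
"""Worked IT risk register (added example; scales and sample data are assumed)."""
from dataclasses import dataclass, replace

SCALE = range(1, 6)  # assumed ordinal scale: 1 (lowest) .. 5 (highest)
RESPONSES = {"assumption", "avoidance", "limitation",
             "planning", "research", "transference"}


@dataclass(frozen=True)
class Risk:
    id: str
    description: str
    threat: int         # likelihood that a threat source exercises the weakness
    vulnerability: int  # how exposed the asset is to that threat
    asset: int          # value of the asset / impact if it is compromised
    response: str = "assumption"  # chosen treatment option (see list above)


def score(risk: Risk) -> int:
    """Risk = Threat * Vulnerability * Asset; a factor of 0 means it was avoided."""
    for name in ("threat", "vulnerability", "asset"):
        value = getattr(risk, name)
        if value != 0 and value not in SCALE:
            raise ValueError(f"{risk.id}: {name}={value} is not in 1..5")
    return risk.threat * risk.vulnerability * risk.asset


def prioritize(register):
    """Step 2: highest score first; ties are broken by id so the order is stable."""
    return sorted(register, key=lambda r: (-score(r), r.id))


def treat(risk, response, *, threat=None, vulnerability=None, asset=None):
    """Step 3: record the response and the residual factors after the control.

    Assumption, planning and research leave the score unchanged (the risk is
    accepted, or the control is still to come); limitation and transference
    must lower some factor; avoidance must drive a factor to 0.
    """
    if response not in RESPONSES:
        raise ValueError(f"unknown response {response!r}")
    given = dict(threat=threat, vulnerability=vulnerability, asset=asset)
    changed = {k: v for k, v in given.items() if v is not None}
    if response in {"assumption", "planning", "research"} and changed:
        raise ValueError(f"{response} does not change the risk factors")
    if response in {"limitation", "transference"} and not changed:
        raise ValueError(f"{response} needs a residual factor")
    if response == "avoidance" and 0 not in changed.values():
        raise ValueError("avoidance must eliminate the cause or the consequence")
    return replace(risk, response=response, **changed)


def monitor(register, tolerance):
    """Step 4: ids whose (residual) score still exceeds the tolerance, worst first.

    A non-empty result is the KRI breach that sends the entry back to step 3.
    """
    return [r.id for r in prioritize(register) if score(r) > tolerance]


# Constructed sample register; the values are illustrative, not measurements.
INITIAL = [
    Risk("R1", "unpatched internet-facing web server", threat=5, vulnerability=4, asset=5),
    Risk("R2", "laptop holding customer data is stolen", threat=3, vulnerability=3, asset=4),
    Risk("R3", "fire destroys the only backup tapes", threat=1, vulnerability=2, asset=5),
    Risk("R4", "legacy FTP server with anonymous access", threat=4, vulnerability=5, asset=2),
]
TOLERANCE = 20  # assumed: scores above this are not acceptable to the business

# Treatments chosen from the response options above, with the residual factors.
TREATED = [
    treat(INITIAL[0], "limitation", vulnerability=1),   # patching cycle: 5*1*5 = 25
    treat(INITIAL[1], "limitation", asset=1),           # full-disk encryption: 3*3*1 = 9
    treat(INITIAL[2], "transference", asset=2),         # insured, off-site copy: 1*2*2 = 4
    treat(INITIAL[3], "avoidance", vulnerability=0),    # service decommissioned: 0
]

if __name__ == "__main__":
    for r in prioritize(INITIAL):
        print(f"{r.id} score={score(r):3d}  {r.description}")
    print("still above tolerance after treatment:", monitor(TREATED, TOLERANCE))
```

Running the block prints the initial register in priority order (R1, R4, R2, R3) and then reports that only R1 remains above the tolerance after treatment, so the patching control for R1 needs to be revisited in the next cycle rather than quietly accepted.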

How SDLC is supported by Risk Management?


(Source: Wikipedia)


Risk Management in IT gives an organization assurance from the bottom up: stronger network security, effective use of IT resources, reduced management costs, continuous improvement towards business goals and better compliance.

Author: hershey

A passion for knowledge drives me to do programming, A passion for programming drives me to create something different, A passion for creation drives me to spread the knowledge.



  1. nice superb explanation

  2. thanks for the tutorial
    I am having a problem.
    The feature “Create SQL server database” isn’t available, I can’t select it.
    Can you help, please ?
