Risk Management Guide for Information Technology Systems describes a risk management methodology, framework and process for risk assessment, evaluation and management.
This risk management guide provides a foundation for the development of an effective risk management program, containing both the definitions and the practical guidance necessary for assessing and mitigating risks identified within IT systems. The ultimate goal is to help organizations to better manage IT-related mission risks.
This risk management guide covers the following topics:
- Overview of risk management, how it fits into the system development life cycle (SDLC), and the roles of individuals who support and use this process.
- Risk assessment methodology and the nine primary steps in conducting a risk assessment of an IT system
- Risk mitigation process, including risk mitigation options and strategy, approach for control implementation, control categories, cost-benefit analysis, and residual risk.
- Ongoing risk evaluation and assessment and the factors that lead to a successful risk management program.