
Tuesday, September 12, 2006

IT Risks Assessment

Previously I mentioned the equation:
IT Risk – IT Controls = IT Exposure.

First, let’s focus on the IT Risk part. I have expressed the risk equation as follows:
Risk = Impact x Likelihood

Impact can be rated on a scale of 1 to 3, for example:
High (3): Could prevent the organisation from achieving all, or a major part, of its objectives for a long time
Medium (2): Could prevent the organisation from achieving its objectives for a limited period
Low (1): Could cause minor inconvenience, not affecting the achievement of objectives

Likelihood can be rated on a scale of 1 to 3, for example:
High (3): Certain / Has Happened
Medium (2): Possible / May Happen
Low (1): Unlikely / Never Happen


The “Impact” and “Likelihood” ratings for a failure in a particular area are then multiplied to give a total “Risk” score.
