Risk Management for Information Technology

An error occurred trying to load this video.

Try refreshing the page, or contact customer support.

Coming up next: The Impact of Business Decisions on Stakeholders

You're on a roll. Keep up the good work!

Take Quiz Watch Next Lesson
Your next lesson will play in 10 seconds
  • 0:03 Risk Management
  • 0:35 Types of Risk
  • 1:08 Risk Identification
  • 1:56 Risk Analysis
  • 2:46 Risk Response
  • 4:09 Lesson Summary
Save Save Save

Want to watch this again later?

Log in or sign up to add this lesson to a Custom Course.

Log in or Sign up

Speed Speed
Lesson Transcript
Instructor: William Pace

William has a Phd in business project management and an MS in forensic science.

In this lesson, we'll learn about risk management in an IT setting and how to develop and enact responses to risks in the workplace. Take a short quiz afterward to test your knowledge.

Risk Management

Risk management is the series of processes involved in dealing with uncertain events in the workplace. In the information technology field (as in many other fields), risk management starts with identifying risks, both positive and negative. These are analyzed in order to prioritize which risks need responses and which do not need immediate responses but should remain on a watch list. Analyzed and prioritized risks need to have a planned response, which includes a detailed action plan which should be executed should the risk occur.

Types of Risk

Risks can either be positive or negative. Positive risks are called opportunities. These are events that have a good outcome should they come to pass, although an element of uncertainty is still involved. In an IT setting, this could include hardware being shipped quicker than expected or software having fewer bugs than planned for.

Negative risks are called threats. These are uncertain events that will have a negative outcome. This can include a staff member installing malware on a company computer or a hacker executing an attack on the company server.

Risk Identification

As aforementioned, the first step in risk management is to identify risks. A risk has between a 1 and 99% chance of occurring. If the event will not happen (0%), it does not need to be analyzed; if the event will absolutely occur (100%), it's not a risk and needs to be dealt with separately.

A common strategy for risk identification is to begin with risk categories and then assign specific risks to those categories. In IT, categories could include hardware, software, network, or physical risks. Then specific risks can be assigned to those categories. Specific risks might include hardware failure, software bugs, the network suffering a DDOS attack, or a fire in the IT building.

Risk Analysis

In order to prioritize risks, they are assigned a probability and impact score within a risk matrix. Probability is the likelihood that the event will occur. Impact is the consequence of the event occurring. Traditionally, these are on scales of low, medium, and high. The following is an example of a risk matrix.

Risk Matrix

To unlock this lesson you must be a Member.
Create your account

Register to view this lesson

Are you a student or a teacher?

Unlock Your Education

See for yourself why 30 million people use

Become a member and start learning now.
Become a Member  Back
What teachers are saying about
Try it risk-free for 30 days

Earning College Credit

Did you know… We have over 200 college courses that prepare you to earn credit by exam that is accepted by over 1,500 colleges and universities. You can test out of the first two years of college and save thousands off your degree. Anyone can earn credit-by-exam regardless of age or education level.

To learn more, visit our Earning Credit Page

Transferring credit to the school of your choice

Not sure what college you want to attend yet? has thousands of articles about every imaginable degree, area of study and career path that can help you find the school that's right for you.

Create an account to start this course today
Try it risk-free for 30 days!
Create an account