CIOs are frequently asked, “What are our IT risks?” Unfortunately, this question is too generic, since there are multiple kinds of risk. Before starting any risk assessment, IT needs to understand both the concern prompting the request and which risks need to be assessed. Moreover, everyone needs to understand that nearly all risks that affect an IT organization affect the entire business.
Risks fall into four categories that require different mitigation tools:
Business operations risk. An assessment determines the risks involved in addressing or ignoring a particular competitive threat. Analyzing competitive threats helps the company decide whether to invest the resources necessary to combat the threat.
Determining appropriate responses to competitive threats from nontraditional sources can be particularly difficult. For example, many high-tech corporations initially dismissed Microsoft as just a bunch of Harvard dropouts. They paid dearly for underestimating that risk.
Read the rest at ComputerWorld.