Information Technology Risk (IT Risk) - Revision history

User at 18:28, 30 August 2023

2023-08-30T18:28:15Z

User at 03:31, 3 January 2023

2023-01-03T03:31:12Z

User at 19:57, 20 July 2022

2022-07-20T19:57:07Z

User: The LinkTitles extension automatically added links to existing pages (https://github.com/bovender/LinkTitles).

2021-02-06T16:33:51Z

The LinkTitles extension automatically added links to existing pages (https://github.com/bovender/LinkTitles).

User at 16:06, 20 March 2020

2020-03-20T16:06:15Z

User at 16:17, 3 March 2020

2020-03-03T16:17:13Z

User at 20:07, 25 September 2019

2019-09-25T20:07:11Z

User at 18:53, 25 September 2019

2019-09-25T18:53:32Z

User: /* References */

2019-09-25T18:28:38Z

References

User at 18:28, 25 September 2019

2019-09-25T18:28:18Z

← Older revision		Revision as of 18:28, 30 August 2023
Line 1:		Line 1:
	== Definition of IT Risk (Information Technology Risk) ==		== Definition of IT Risk (Information Technology Risk) ==
−	'''Information Technology [[Risk]], IT risk, IT-Related Risk, Technology Risk''' or '''Cyber Risk''' is any risk related to ~~information technology~~. While information has long been appreciated as a valuable and important asset, the rise of the knowledge economy and the Digital Revolution has led to organizations becoming increasingly dependent on information, information processing, and especially IT. Various events or incidents that compromise IT in some way can therefore cause adverse impacts on the organization's business processes or mission, ranging from inconsequential to catastrophic in scale. Assessing the probability or likelihood of various types of event/incident with their predicted impacts or consequences, should they occur, is a common way to assess and measure IT risks. Alternative methods of measuring IT risk typically involve assessing other contributory factors such as the threats, vulnerabilities, exposures, and asset values.<ref>Definition - What is Information Technology Risk (IT Risk)? [https://en.wikipedia.org/wiki/IT_risk Wikipedia]</ref>	+	'''Information Technology [[Risk]], IT risk, IT-Related Risk, Technology Risk''' or '''Cyber Risk''' is any risk related to [[Information Technology (IT)]]. While information has long been appreciated as a valuable and important asset, the rise of the knowledge economy and the Digital Revolution has led to organizations becoming increasingly dependent on information, information processing, and especially IT. Various events or incidents that compromise IT in some way can therefore cause adverse impacts on the organization's business processes or mission, ranging from inconsequential to catastrophic in scale. Assessing the probability or likelihood of various types of event/incident with their predicted impacts or consequences, should they occur, is a common way to assess and measure IT risks. Alternative methods of measuring IT risk typically involve assessing other contributory factors such as the threats, vulnerabilities, exposures, and asset values.<ref>Definition - What is Information Technology Risk (IT Risk)? [https://en.wikipedia.org/wiki/IT_risk Wikipedia]</ref>

@@ Line 1: / Line 1: @@
 == Definition of IT Risk (Information Technology Risk) ==
-'''Information Technology [[Risk]], IT risk, IT-Related Risk, Technology Risk''' or '''Cyber Risk''' is any risk related to [[Information Technology (IT)|information technology]]. While information has long been appreciated as a valuable and important [[asset]], the rise of the knowledge economy and the Digital Revolution has led to organizations becoming increasingly dependent on information, information processing and especially IT. Various events or incidents that compromise IT in some way can therefore cause adverse impacts on the [[organization]]'s [[Business Process|business processes]] or [[Business Mission|mission]], ranging from inconsequential to catastrophic in scale. Assessing the probability or likelihood of various types of event/incident with their predicted impacts or consequences, should they occur, is a common way to assess and measure IT risks. Alternative methods of measuring IT risk typically involve assessing other contributory factors such as the threats, vulnerabilities, exposures, and asset values.<ref>Definition - What is Information Technology Risk (IT Risk)? [https://en.wikipedia.org/wiki/IT_risk Wikipedia]</ref>
+'''Information Technology [[Risk]], IT risk, IT-Related Risk, Technology Risk''' or '''Cyber Risk''' is any risk related to information technology. While information has long been appreciated as a valuable and important asset, the rise of the knowledge economy and the Digital Revolution has led to organizations becoming increasingly dependent on information, information processing, and especially IT. Various events or incidents that compromise IT in some way can therefore cause adverse impacts on the organization's business processes or mission, ranging from inconsequential to catastrophic in scale. Assessing the probability or likelihood of various types of event/incident with their predicted impacts or consequences, should they occur, is a common way to assess and measure IT risks. Alternative methods of measuring IT risk typically involve assessing other contributory factors such as the threats, vulnerabilities, exposures, and asset values.<ref>Definition - What is Information Technology Risk (IT Risk)? [https://en.wikipedia.org/wiki/IT_risk Wikipedia]</ref>
 == What Causes Technology Risk?<ref>What Causes Technology Risk?  [http://blousteinlocal.rutgers.edu/wp-content/uploads/2015/11/BLGRC-managing-technology-risk.pdf Marc H. Pfeiffer, MPA]</ref> ==
-A [[Taxonomy]] of [[Cyber Security]]/[[Operational Risk|Operational Risks]] has identified four primary causes:
+A Taxonomy of [[Cyber Security]]/Operational Risks has identified four primary causes:
 *Actions of People – activities that people either perform or fail to perform that cause harm. These people can be insiders or outsiders; their actions can be inadvertent or deliberate, or the result of no action at all.
-*Systems and Technology Failures – reflects the abnormal or unexpected functioning of technology. This can include [[hardware]], [[software]] or integrated systems.
+*Systems and Technology Failures – reflects the abnormal or unexpected functioning of technology. This can include hardware, software or integrated systems.
-*Failed Internal Processes – the failure of internal processes to perform as needed or expected. This comes from poor [[process]] [[design]] or execution, or faulty process controls.
+*Failed Internal Processes – the failure of internal processes to perform as needed or expected. This comes from poor process design or execution, or faulty process controls.
-*External Events – events that are generally (but not always) outside the organization’s [[control]]; these include disasters, infrastructure failure, legal issues, [[business]] issues, and [[service]] dependencies.
+*External Events – events that are generally (but not always) outside the organization’s control; these include disasters, infrastructure failure, legal issues, business issues, and service dependencies.
 == Types of IT Threats<ref>What are the Different Types of Threats that Information Technology Faces? [https://www.business.qld.gov.au/running-business/protecting-business/risk-management/it-risk-management/checklist QLD.Gov]</ref> ==
 <br />
-*General IT Threats: General threats to IT systems and [[data]] include:
+*General IT Threats: General threats to IT systems and data include:
-**Hardware and Software Failure - such as [[power]] loss or data corruption
+**Hardware and Software Failure - such as power loss or data corruption
-**[[Malware]] - malicious software designed to disrupt [[computer]] operation
+**Malware - malicious software designed to disrupt computer operation
 **Viruses - computer code that can copy itself and spread from one computer to another, often disrupting computer operations
-**[[Spam]], Scams and [[Phishing]] - unsolicited email that seeks to fool people into revealing personal details or buying fraudulent goods
+**Spam, Scams and Phishing - unsolicited email that seeks to fool people into revealing personal details or buying fraudulent goods
 **Human Error - incorrect data processing, careless data disposal, or accidental opening of infected email attachments.
 *Criminal IT threats: Specific or targeted criminal threats to IT systems and data include:
 **Hackers - people who illegally break into computer systems
 **Fraud - using a computer to alter data for illegal benefit
-**Passwords Theft - often a [[target]] for malicious hackers
+**Passwords Theft - often a target for malicious hackers
-**Denial-of-Service - online attacks that prevent [[website]] access for authorised users
+**Denial-of-Service - online attacks that prevent website access for authorised users
 **Security Breaches - includes physical break-ins as well as online intrusion
-**Staff Dishonesty - theft of data or sensitive information, such as [[customer]] details.
+**Staff Dishonesty - theft of data or sensitive information, such as customer details.
 *Natural disasters and IT systems
 **Natural disasters such as fire, cyclone and floods also present risks to IT systems, data and infrastructure.
@@ Line 35: / Line 35: @@
 *Security - eg compromised business data due to unauthorised access or use
 *Availability - eg inability to access your IT systems needed for business operations
-*Performance - eg reduced [[productivity]] due to slow or delayed access to IT systems
+*Performance - eg reduced productivity due to slow or delayed access to IT systems
-*[[Compliance]] - eg failure to follow laws and regulations (eg data protection)
+*Compliance - eg failure to follow laws and regulations (eg data protection)
 IT risks vary in range and nature. It's important to be aware of all the different types of IT risk potentially affecting your business.
 == See Also ==
 *[[IT Governance]]
 *[[Risk IT Framework]]
 == References ==
 <references/>

@@ Line 41: / Line 41: @@
 == See Also ==
-[[Risk Analysis]]<br />
+*[[Governance, Risk And Compliance (GRC)]]
-[[Risk Assessment Framework (RAF)]]<br />
+*[[IT Governance]]
-[[Risk Management]]<br />
+*[[Risk Analysis]]
-[[Risk Management Framework (RMF)]]<br />
+*[[Risk Assessment Framework (RAF)]]
-[[Information Technology Risk (IT Risk)]]<br />
+*[[Risk Management]]
-[[Information Technology (IT)]]<br />
+*[[Risk Management Framework (RMF)]]
-[[Enterprise Risk Management (ERM)]]<br />
+*[[Information Technology Risk (IT Risk)]]
-[[Risk IT Framework]]<br />
+*[[Information Technology (IT)]]
-[[Risk Based Testing]]<br />
+*[[Enterprise Risk Management (ERM)]]
-[[Risk-Adjusted Return]]<br />
+*[[Risk IT Framework]]
-[[Risk-Adjusted Return on Capital (RAROC)]]<br />
+*[[Risk Based Testing]]
-[[Risk Matrix]]<br />
+*[[Risk-Adjusted Return]]
-[[Risk Maturity]]<br />
+*[[Risk-Adjusted Return on Capital (RAROC)]]
-[[Risk Maturity Model (RMM)]]<br />
+*[[Risk Matrix]]
-[[Risk Mitigation]]
+*[[Risk Maturity]]
 == References ==
 <references/>

@@ Line 1: / Line 1: @@
 == Definition of IT Risk (Information Technology Risk) ==
-'''Information Technology Risk, IT risk, IT-Related Risk, Technology Risk''' or '''Cyber Risk''' is any risk related to [[Information Technology (IT)|information technology]]. While information has long been appreciated as a valuable and important asset, the rise of the knowledge economy and the Digital Revolution has led to organizations becoming increasingly dependent on information, information processing and especially IT. Various events or incidents that compromise IT in some way can therefore cause adverse impacts on the organization's [[Business Process|business processes]] or [[Business Mission|mission]], ranging from inconsequential to catastrophic in scale. Assessing the probability or likelihood of various types of event/incident with their predicted impacts or consequences, should they occur, is a common way to assess and measure IT risks. Alternative methods of measuring IT risk typically involve assessing other contributory factors such as the threats, vulnerabilities, exposures, and asset values.<ref>Definition - What is Information Technology Risk (IT Risk)? [https://en.wikipedia.org/wiki/IT_risk Wikipedia]</ref>
+'''Information Technology [[Risk]], IT risk, IT-Related Risk, Technology Risk''' or '''Cyber Risk''' is any risk related to [[Information Technology (IT)|information technology]]. While information has long been appreciated as a valuable and important [[asset]], the rise of the knowledge economy and the Digital Revolution has led to organizations becoming increasingly dependent on information, information processing and especially IT. Various events or incidents that compromise IT in some way can therefore cause adverse impacts on the [[organization]]'s [[Business Process|business processes]] or [[Business Mission|mission]], ranging from inconsequential to catastrophic in scale. Assessing the probability or likelihood of various types of event/incident with their predicted impacts or consequences, should they occur, is a common way to assess and measure IT risks. Alternative methods of measuring IT risk typically involve assessing other contributory factors such as the threats, vulnerabilities, exposures, and asset values.<ref>Definition - What is Information Technology Risk (IT Risk)? [https://en.wikipedia.org/wiki/IT_risk Wikipedia]</ref>
 == What Causes Technology Risk?<ref>What Causes Technology Risk?  [http://blousteinlocal.rutgers.edu/wp-content/uploads/2015/11/BLGRC-managing-technology-risk.pdf Marc H. Pfeiffer, MPA]</ref> ==
-A Taxonomy of [[Cyber Security]]/[[Operational Risk|Operational Risks]] has identified four primary causes:
+A [[Taxonomy]] of [[Cyber Security]]/[[Operational Risk|Operational Risks]] has identified four primary causes:
 *Actions of People – activities that people either perform or fail to perform that cause harm. These people can be insiders or outsiders; their actions can be inadvertent or deliberate, or the result of no action at all.
-*Systems and Technology Failures – reflects the abnormal or unexpected functioning of technology. This can include hardware, software or integrated systems.
+*Systems and Technology Failures – reflects the abnormal or unexpected functioning of technology. This can include [[hardware]], [[software]] or integrated systems.
-*Failed Internal Processes – the failure of internal processes to perform as needed or expected. This comes from poor process design or execution, or faulty process controls.
+*Failed Internal Processes – the failure of internal processes to perform as needed or expected. This comes from poor [[process]] [[design]] or execution, or faulty process controls.
-*External Events – events that are generally (but not always) outside the organization’s control; these include disasters, infrastructure failure, legal issues, business issues, and service dependencies.
+*External Events – events that are generally (but not always) outside the organization’s [[control]]; these include disasters, infrastructure failure, legal issues, [[business]] issues, and [[service]] dependencies.
 == Types of IT Threats<ref>What are the Different Types of Threats that Information Technology Faces? [https://www.business.qld.gov.au/running-business/protecting-business/risk-management/it-risk-management/checklist QLD.Gov]</ref> ==
 <br />
-*General IT Threats: General threats to IT systems and data include:
+*General IT Threats: General threats to IT systems and [[data]] include:
-**Hardware and Software Failure - such as power loss or data corruption
+**Hardware and Software Failure - such as [[power]] loss or data corruption
-**Malware - malicious software designed to disrupt computer operation
+**[[Malware]] - malicious software designed to disrupt [[computer]] operation
 **Viruses - computer code that can copy itself and spread from one computer to another, often disrupting computer operations
-**Spam, Scams and Phishing - unsolicited email that seeks to fool people into revealing personal details or buying fraudulent goods
+**[[Spam]], Scams and [[Phishing]] - unsolicited email that seeks to fool people into revealing personal details or buying fraudulent goods
 **Human Error - incorrect data processing, careless data disposal, or accidental opening of infected email attachments.
 *Criminal IT threats: Specific or targeted criminal threats to IT systems and data include:
 **Hackers - people who illegally break into computer systems
 **Fraud - using a computer to alter data for illegal benefit
-**Passwords Theft - often a target for malicious hackers
+**Passwords Theft - often a [[target]] for malicious hackers
-**Denial-of-Service - online attacks that prevent website access for authorised users
+**Denial-of-Service - online attacks that prevent [[website]] access for authorised users
 **Security Breaches - includes physical break-ins as well as online intrusion
-**Staff Dishonesty - theft of data or sensitive information, such as customer details.
+**Staff Dishonesty - theft of data or sensitive information, such as [[customer]] details.
 *Natural disasters and IT systems
 **Natural disasters such as fire, cyclone and floods also present risks to IT systems, data and infrastructure.
@@ Line 35: / Line 35: @@
 *Security - eg compromised business data due to unauthorised access or use
 *Availability - eg inability to access your IT systems needed for business operations
-*Performance - eg reduced productivity due to slow or delayed access to IT systems
+*Performance - eg reduced [[productivity]] due to slow or delayed access to IT systems
-*Compliance - eg failure to follow laws and regulations (eg data protection)
+*[[Compliance]] - eg failure to follow laws and regulations (eg data protection)
 IT risks vary in range and nature. It's important to be aware of all the different types of IT risk potentially affecting your business.

← Older revision		Revision as of 16:06, 20 March 2020
Line 1:		Line 1:
−	== Definition of Information Technology Risk ==	+	== Definition of IT Risk (Information Technology Risk) ==
	'''Information Technology Risk, IT risk, IT-Related Risk, Technology Risk''' or '''Cyber Risk''' is any risk related to [[Information Technology (IT)\|information technology]]. While information has long been appreciated as a valuable and important asset, the rise of the knowledge economy and the Digital Revolution has led to organizations becoming increasingly dependent on information, information processing and especially IT. Various events or incidents that compromise IT in some way can therefore cause adverse impacts on the organization's [[Business Process\|business processes]] or [[Business Mission\|mission]], ranging from inconsequential to catastrophic in scale. Assessing the probability or likelihood of various types of event/incident with their predicted impacts or consequences, should they occur, is a common way to assess and measure IT risks. Alternative methods of measuring IT risk typically involve assessing other contributory factors such as the threats, vulnerabilities, exposures, and asset values.<ref>Definition - What is Information Technology Risk (IT Risk)? [https://en.wikipedia.org/wiki/IT_risk Wikipedia]</ref>		'''Information Technology Risk, IT risk, IT-Related Risk, Technology Risk''' or '''Cyber Risk''' is any risk related to [[Information Technology (IT)\|information technology]]. While information has long been appreciated as a valuable and important asset, the rise of the knowledge economy and the Digital Revolution has led to organizations becoming increasingly dependent on information, information processing and especially IT. Various events or incidents that compromise IT in some way can therefore cause adverse impacts on the organization's [[Business Process\|business processes]] or [[Business Mission\|mission]], ranging from inconsequential to catastrophic in scale. Assessing the probability or likelihood of various types of event/incident with their predicted impacts or consequences, should they occur, is a common way to assess and measure IT risks. Alternative methods of measuring IT risk typically involve assessing other contributory factors such as the threats, vulnerabilities, exposures, and asset values.<ref>Definition - What is Information Technology Risk (IT Risk)? [https://en.wikipedia.org/wiki/IT_risk Wikipedia]</ref>

← Older revision		Revision as of 18:53, 25 September 2019
Line 1:		Line 1:
−	Information Technology Risk, IT risk, IT-Related Risk, or Cyber Risk is any risk related to information technology. While information has long been appreciated as a valuable and important asset, the rise of the knowledge economy and the Digital Revolution has led to organizations becoming increasingly dependent on information, information processing and especially IT. Various events or incidents that compromise IT in some way can therefore cause adverse impacts on the organization's business processes or mission, ranging from inconsequential to catastrophic in scale. Assessing the probability or likelihood of various types of event/incident with their predicted impacts or consequences, should they occur, is a common way to assess and measure IT risks. Alternative methods of measuring IT risk typically involve assessing other contributory factors such as the threats, vulnerabilities, exposures, and asset values.<ref>Definition - What is Information Technology Risk (IT Risk)? [https://en.wikipedia.org/wiki/IT_risk Wikipedia]</ref>	+	== Definition of Information Technology Risk ==
		+	Information Technology Risk, IT risk, IT-Related Risk, Technology Risk or Cyber Risk is any risk related to information technology. While information has long been appreciated as a valuable and important asset, the rise of the knowledge economy and the Digital Revolution has led to organizations becoming increasingly dependent on information, information processing and especially IT. Various events or incidents that compromise IT in some way can therefore cause adverse impacts on the organization's business processes or mission, ranging from inconsequential to catastrophic in scale. Assessing the probability or likelihood of various types of event/incident with their predicted impacts or consequences, should they occur, is a common way to assess and measure IT risks. Alternative methods of measuring IT risk typically involve assessing other contributory factors such as the threats, vulnerabilities, exposures, and asset values.<ref>Definition - What is Information Technology Risk (IT Risk)? [https://en.wikipedia.org/wiki/IT_risk Wikipedia]</ref>
		+
		+
		+	== What Causes Technology Risk?<ref>What Causes Technology Risk? [http://blousteinlocal.rutgers.edu/wp-content/uploads/2015/11/BLGRC-managing-technology-risk.pdf Marc H. Pfeiffer, MPA]</ref> ==
		+	A Taxonomy of Cyber Security/Operational Risks4 has identified four primary causes:
		+	*Actions of People – activities that people either perform or fail to perform that cause harm. These people can be insiders or outsiders; their actions can be inadvertent or deliberate, or the result of no action at all.
		+	*Systems and Technology Failures – reflects the abnormal or unexpected functioning of technology. This can include hardware, software or integrated systems.
		+	*Failed Internal Processes – the failure of internal processes to perform as needed or expected. This comes from poor process design or execution, or faulty process controls.
		+	*External Events – events that are generally (but not always) outside the organization’s control; these include disasters, infrastructure failure, legal issues, business issues, and service dependencies.

← Older revision		Revision as of 18:28, 25 September 2019
Line 36:		Line 36:
	== References ==		== References ==

−	<references/.	+	<references/>

← Older revision		Revision as of 18:28, 25 September 2019
Line 29:		Line 29:
	*Compliance - eg failure to follow laws and regulations (eg data protection)		*Compliance - eg failure to follow laws and regulations (eg data protection)
	IT risks vary in range and nature. It's important to be aware of all the different types of IT risk potentially affecting your business.		IT risks vary in range and nature. It's important to be aware of all the different types of IT risk potentially affecting your business.
		+
		+
		+	== See Also ==
		+
		+
		+	== References ==
		+
		+	<references/.