It Risk Managment

Introduction
This paper will address the need to have a proper information technology risk management program in place within organizations. With the current trend of increased dependence on technology for business and personal use the need to protect informational assets is becoming of greater concern. Every organization has a mission. IT risk management is the process of applying risk management techniques to manage IT risks and; therefore, protect and support the organizations' mission.
An effective risk management program is an essential component of a successful IT security program.   The primary goal of a risk management process should be to protect the organization and its ability to effectively perform their mission, not just protect its IT assets. Risk management should be treated as a critical component, which is needed to ensure success and not just a task to be completed.
Why Risk Management
Risk management programs are comprised of three main components: assessment, mitigation, and risk treamtment. “Risk management is the process that allows IT managers to balance the operational and economic costs of protective measures and achieve gains in mission capability by protecting the IT systems and data that support their organizations’ missions” (Wikipedia). Risk management is not only utilized in the IT environment and the business world; it is prevalent in all our daily decision-making in both our business and personal lives. For instance, choosing to buy a car versus lease, purchasing a security system or even buying life insurance, all of these processes involve weighing risks and probabilities.
Organizational leaders must ensure that the organization has the processes in place that are needed to accomplish its mission.   They must determine if the security capabilities that their IT systems have can provide the required level of support to manage threats to their goals and mission. In order to offset the weaknesses of traditional security,...