Information technology risk is the potential for technology occurances that result in losses.
This includes the project failures, operational problems and information security incidents.
Major types of IT risk.
- Architecture RiskIT = structures that fail to support operations or projects.
- Artificial Intelligence Risks - Category of risk associated with technologies that learn and self improve. (skynet)
- Asset Management Risk = Failure to control and secure IT assets such as loss of mobile devices and laptops.
- Audit Risk - The chance that an IT audit will miss things such as security vulnerabilities or legacy risks.
- Availability = Downtime of IT systems and services.
- Benefit Shortfall - Investments in IT that fail to achieve projected return on investment.
- Budget Risk = IT programs, projects or operations teams that go over budget. In many cases, going under budget is considered a positive risk.
- Capacity - Capacity management failures such as an overloaded network connection or Denail of services, that causes process failures.
- Change Control = A failure to control change to complex systems including practices such as change management and configuration management.
- Compliance Violations - The potential that you will violate laws or regulations.
- Contract Risk = A counterparty that fails to meet its contractual obligations to you such as violations of a service level agreement.
- Data Loss - Loss of data that can not be restored.
- Data Quality = Poor quality data that causes losses due to factors such as process failures, compliance issues or declining customer satisfaction.
- Decision Quality - Sub-optimal decision automation or inaccurate decision support information such as analytics.
- Design Debt = A low quality design that results in future costs.
- Facility Risk - Risks related to facilities such as data centers.
- Infrastructure Risk = Failures of basic services such as networks, power and computing resources.
- Innovation Risk - A special category of risk associated with experimentation and aggressive rates of change. Typically requires novel approaches to risk management such as designing activities to fail well.
- Integration Risk = The potential for integration of organizations, departments, processes, technology or data to fail.
- Legacy Technology - Technology that is out of the date to the extent that it is difficult to maintain and at risk of failures.
- Operational Risk = The potential for technology failures to disrupt core business processes.
- Partner Risk - Risks associated with technology partners such as service providers.
- Physical Security = Physical security related to IT such as security at data centers.
- Process Risk - The potential for processes to be disrupted by IT failures.
- Procurement Risk = Procurement is the purchasing of services, products and resources. It is prone to a number of risks including the chance of fraud, cost and quality issues.
- Project Risk - In many cases, IT projects have a high rate of failure due to a number of risk factors such as scope creep, estimation errors and resistance to change.
- Quality Risk = Failures of quality assurance and other quality related practices such as service management.
- Regulatory Risk - The potential for new information technology related regulations.
- Resource Risk = An inability to secure resources such as skilled employees.
- Security Threats - Security threats such as malware and hackers.
- Security Vulnerabilities = Security vulnerabilities such as weak passwords and poorly designed software.
- Single Point Of Failure - A small component of a large system that brings the entire system down when it fails.
- Strategy Risk = The risks associated with a particular IT strategy.
- Technical Debt - Weak technology implementations that are likely to result in future costs such as a big ball of mud.
- Transaction Processing Risk = Failures of transaction processing such as ecommerce purchases.
- Vendor Risk - The potential for an IT vendor to fail to meet their obligations to you.