CERT-SEI

03/26/2014

New Podcast Released: Comparing IT Risk Assessment and Analysis Methods

In this podcast, Ben Tomhave and Erik Heidt, research directors with Gartner Technical Professionals, discuss methods for IT risk assessment and analysis and comparison factors for selecting the methods that are the best fit for your organization.

Technical professionals are often called on to research, recommend, implement, and execute IT risk assessment and analysis processes. These processes provide important data used by management to responsibly grow and protect the business through good decision making for mitigating, accepting, transferring, or avoiding risk. These decisions must account for IT risks caused by emerging threats to the enterprise and vulnerabilities in the people, processes and technologies required for digital business.

Which method you choose for IT risk assessment and risk analysis is far less important than ensuring that the selected methodology is operationalized and a good fit for the corporate culture. The selected approach must be able to produce output that is meaningful to management, and supporting processes must account for assumptions, documentation, and potential gaming of the system. Tools should be leveraged, where possible, to ease method adoption.

Listen to the podcast >

Media Contact

If you are a member of the media or analyst community and would like to schedule an interview with an SEI expert, please contact:

SEI Public Relations
Richard Lynch
Media Line: 412-268-4793
Email: public-relations@sei.cmu.edu

For other useful information sources, please visit the Contact Us page.

SEI Bulletin