A business approach to effective information technology risk analysis and management

Suggests that a number of difficulties are experienced by organizations using conventional risk analysis and management. “Conventional” refers to those methodologies which are based on the traditional asset/threat/vulnerability model. Identifies a need for an approach that is more suitable for smaller organizations, as well as organizations requiring a quicker, more simplified and less resource‐intensive approach. In light of this requirement, proposes an alternative approach to effective information technology (IT) risk analysis and management. This approach has a business‐oriented focus from an IT perspective.