Six step for better IT Risk Management

1. Identify the boundaries of what is to be protected.

2. Identify the assets: all the systems necessary for the reception, storage, manipulation and transmission of information within those boundaries and the information assets within those systems.

3. Identify the relationships between these systems, the information assets and the organizational objectives and tasks.

4. Identify criticality: those systems and information assets that are critical to the achievement of organizational objectives and tasks.

5. Identify the potential threats to those critical systems and assets.

6. Identify the potential vulnerabilities of those critical systems and assets.