IT Risk Management

A recommended approach to identifying, prioritizing, and managing IT asset risk, using the IT Risk Management (previously ITRMBond) solution in Diligent HighBond.

This solution requires a subscription to IT Risk Management (previously ITRMBond).

IT risk management overview

IT risk management (ITRM) is the process of mitigating risks associated with IT assets, including hardware, software, business processes, and cloud assets. Each of these assets comes with risks that can have far-reaching consequences for your organization, including security vulnerabilities and service interruptions. Managing IT assets also involves complying with complex laws, regulations, and standards.

Challenges and opportunities

A robust ITRM program is essential to keeping an organization's IT assets secure and functional, and to avoiding security breaches and service interruptions, as the threat landscape rapidly evolves. Gathering information, mitigating risks, and reporting to different stakeholders are all crucial and complicated steps of the process. With a large number of assets, it can be costly and time-consuming to ensure that each one is prioritized and handled effectively.

IT Risk Management (previously ITRMBond) simplifies these complicated risk management processes by allowing you to prioritize IT assets by criticality. Then, after deciding how you want to address your IT risks and creating plans of action, you can continuously monitor your assets to ensure compliance. Additionally, you can create IT policy exceptions to ensure that your IT risk management solution is flexible enough for your organization's unique needs.

People involved in IT risk management

People involved in managing IT risk can include:

  • Risk analysts
  • IT risk analysts, directors, and managers
  • IT compliance analysts, directors, and managers
  • Security analysts
  • Risk management leaders
  • Business and technical asset owners

How it works

The IT Risk Management (previously ITRMBond) workflow spans multiple apps:

  1. Create and consolidate assets. In Asset Inventory, you can manage your assets in a centralized app, creating a single source of truth for asset intelligence for your organization.
  2. Categorize assets. You have two options to categorize assets based on criticality in Asset Inventory:
    • You can send a questionnaire about an IT asset from Asset Inventory to a technical or business owner. A Workflow robot then uses their responses to automatically calculate the asset's criticality level.
    • You, or the asset's technical or business owner, can enter the criticality level directly into the asset.
  3. Identify risks and map controls to asset types. In Frameworks, associate asset types with risk categories, so that you can define and maintain the core structure of your risks and controls in a central library.
  4. Test controls associated with individual assets. Based on the frameworks you created, create projects to manage the risks associated with individual assets. In each project, you can test the controls associated with the asset types the assets belong to, execute downstream control assessments, raise issues, and remediate risks.
  5. Monitor controls. You can monitor controls in individual projects, or you can use a Workflow robot to import project data into Results.
  6. Report on IT compliance. Use Workflow robots to import data about assets, projects, and issues into Results, so that you can see your IT risk data in one place, report on IT compliance, and identify remaining action items.

Watch our IT risk webinar

Watch a demonstration of the above workflow, including how to:

  • Build and categorize an IT asset inventory
  • Automate workflows to assess and remediate IT risk and controls for compliance
  • Report on risk and compliance posture

See How to manage IT risk.

Doing it in Diligent HighBond