A little-known aspect of risk management is the practice of visually mapping risks as a conceptual and cognitive tool. Using a variety of risk maps across the enterprise, within the overall context of a risk assessment process, can help IT departments forecast areas of vulnerability and act accordingly. Make risk mapping a valuable part of the IT department's skill set.
What Is Risk Mapping?
Risk mapping is a method of graphically portraying exposure to risk using two basic characteristics of risk: probability and consequence. These fundamental concepts help define business or IT risks and also serve as a foundation for dealing with risk. To better understand the importance of risk assessment, refer to the McLean Report research note, “Why You Need Formal Risk Management.” For an example of a basic risk map identifying threats that an IT department might encounter, see Figure 1.