IT'S DIFFICULT TO KNOW HOW TO PROTECT SOMETHING before you know what you're protecting. An important first step in risk management is identifying valuable assets in your organization. Any organization has a wide variety of assets that need to be protected. This includes obvious assets such as hardware and software. It includes data and personnel. It also includes system functions and system processes.

After you've identified the important assets, you can then take steps to protect them. A business impact analysis helps you to identify the impact if a service fails. A disaster recovery plan can help you identify the steps needed to restore a failed system. On a larger scale, you can use ...