990-27产品经理:What is IT risk? 什么是IT风险？

Information technology or IT risk is basically any threat to your business data, critical systems and business processes. It is the risk associated with the use, ownership, operation, involvement, influence and adoption of IT within an organisation. IT risks have the potential to damage business value and often come from poor management of processes and events.
信息技术或IT风险基本上是对您的业务数据、关键系统和业务流程的任何威胁。它是在一个组织内与信息技术的使用、拥有、操作、参与、影响和采用相关的风险。IT风险有可能损害业务价值，并且通常来自对流程和事件的糟糕管理。

Categories of IT risks
IT risk spans a range of business-critical areas, such as:

security - eg compromised business data due to unauthorised access or use
availability - eg inability to access your IT systems needed for business operations
performance - eg reduced productivity due to slow or delayed access to IT systems
compliance服从 - eg failure to follow laws and regulations (eg data protection)
IT risks vary in range and nature. It’s important to be aware of all the different types of IT risks potentially affecting your business.
IT风险的类别
IT风险跨越一系列关键业务领域，例如:

安全性-例如由于未经授权的访问或使用而危及业务数据
可用性-例如无法访问业务运营所需的IT系统
性能——例如，由于访问IT系统速度慢或延迟而导致生产力降低
合规性服从—如未能遵守法律法规（如数据保护）
IT风险的范围和性质各不相同。了解可能影响您的业务的所有不同类型的IT风险非常重要。

Potential impact of IT failure on business
For businesses that rely on technology, events or incidents that compromise IT can cause many problems. For example, a security breach can lead to:

identity fraud and theft
financial fraud or theft
damage to reputation
damage to brand
damage to your business’ physical assets实物资产
Failure of IT systems due to downtime or outages can result in other damaging and diverse consequences, such as:
IT故障对业务的潜在影响
对于依赖技术的企业而言，危及IT的事件或事件可能会导致许多问题。如，一个安全漏洞可能导致：

身份欺诈和盗窃
金融欺诈或盗窃
名誉损害
品牌损害
损害您的业务实物资产
由于停机或中断而导致的IT系统故障可能会导致其他各种破坏性后果，例如:

lost sales and customers
reduced staff or business productivity
reduced customer loyalty and satisfaction
a damaged relationship with partners and suppliers
If IT failure affects your ability to comply with laws and regulations, then it could also lead to:
销售和客户损失
降低员工或企业的生产力
客户忠诚度和满意度降低
与合作伙伴和供应商的关系受损
如果IT故障影响您遵守法律法规的能力，那么它还可能导致:

breach of legal duties
breach of client confidentiality
penalties, fines and litigation处罚、罚款和诉讼
reputational damage
If technology is enabling your connection to customers, suppliers, partners and business information, managing IT risks in your business should always be a core concern.
违反法定义务
违反客户保密规定
处罚、罚款和诉讼处罚、罚款和诉讼*
名誉损害
如果技术使您能够连接到客户、供应商、合作伙伴和业务信息，那么管理业务中的IT风险应该始终是一个核心问题。
In its guidance, the National Cyber Security Centre (NCSC) provides a clear explanation of why IT risk management matters.

IT risks should be carefully assessed and measured. This is where an IT risk assessment comes in - a process of identifying security risks and evaluating the threat they pose. Once risks are identified and assessed, you will manage them through a comprehensive IT risk management process.

国家网络安全中心（NCSC）在其指南中明确解释了为什么IT风险管理很重要。

应仔细评估和衡量IT风险。这就是IT风险评估的用武之地——一个识别安全风险并评估其威胁的过程。一旦识别和评估了风险，您将通过全面的IT风险管理流程对其进行管理。