Develop a comprehensive set of IT risk scenarios based on available information to determine the potential impact to business objectives and operations.

· Identify key stakeholders for IT risk scenarios to help establish accountability.

· Establish an IT risk register to help ensure that identified IT risk scenarios are accounted for and incorporated into the enterprise-wide risk profile.

· Analyze risk scenarios based on organizational criteria such as organizational structure, policies, standards, technology, architecture, controls to determine the likelihood and impact of an identified risk.