IT Risk
George Westerman

Richard Hunter

Join Richard Hunter Wednesday, March 5 in Chicago for his Keynote address on IT risk and special book signing at the Gartner Summits dedicated to helping you manage IT and business risk.

Related Events

Gartner Compliance & Risk Management Summit
Gartner Business Continuity Management Summit
Gartner Symposium ITxpo 2008 – Las Vegas
Gartner Symposium ITxpo 2008 – Spain
Gartner CIO Academy

Related Gartner Research

Executive Summary: Business Performance is the Value of IT

Executive Summary: Executive Lessons Post September 11

Executive Summary: High Value, High Risk: Managing the Legacy Portfolio

Executive Summary: Leading Enterprise Change

Childhood Ends: Liability and the IT Industry

IT Risk is Business Risk

IT has become increasingly central to business success – but many enterprises haven�t adjusted their processes for IT decision making and risk management. The result? IT-risk incidents carry a much higher price tag than they used to.

This timely and authoritative book, based on research conducted by MIT�s Center for Information Systems Research and Gartner, Inc., defines four types of IT risk – availability, access, accuracy and agility – and the three disciplines enterprises must master to manage IT risk effectively. It also offers powerful diagnostic tools to measure your company�s strengths in each core discipline – and help you continuously improve competency and competitive advantage.

Download Introduction (PDF)
What People are Saying ...

“Overall, this is a must-read for chief information officers and IT risk management and IT governance professionals. It is also recommended reading for chief executive officers (CEOs) and others who want to understand how to manage IT risk.”

— ISACA, December, 2008

Read more

Editors’ Picks: Best Books of 2007

— CIO Insight magazine, December, 2007

“The authors provide a sensible and instructive environment in which both IT and business executives can discuss, understand and plan for potential IT risks, without conceptual conflict…The book’s impressive research base, drawing on more than 50 case studies, a survey of 130 firms and over 2,000 presentations with IT and business executives, grounds the book firmly in the empirical. Consequently, the authors provide often-unique insights, not only into how particular organisations have tackled the fiendish problem of rationalising legacy application infrastructures, but also into the surprising sticking points that can arise during this process.”

— Information Age, December 15, 2007

“I found the book’s discussion of agility to be the most thought-provoking. How often have we seen successful companies crippled by failed acquisitions or the inability to react to changes in customer preferences? Agility enables IT to accommodate rapid business change.”

— Ziff-Davis Innovations Blog, October 15, 2007

IT Risk is written from an enterprise risk management perspective. It is the first and only IT book that I consider a must-read for our business executives, from CEO and COO down. I intend to purchase a copy for every senior vice president and highlight the must-read sections for them!"

— Connie Whitecotton, Vice President and Chief Risk and Compliance Officer, Alfa Insurance

"IT Risk is a thorough, insightful book loaded with useful best practices for improving organizational resilience and agility. It sends a wake-up call by demonstrating how IT risks directly impact business performance and offers practical guidance on integrating IT risk management into daily business processes."

— Robbie Higgins, Managing Director, Motorola Security Services

"Finally, a book that connects the fiduciary responsibility of business executives with the capabilities of IT specialists in order to manage IT risk. This should be required reading for anyone�from IT specialist to board member�whose operations depend on information technology."

— Steve Cooper, Senior Vice President and Chief Information Officer, American Red Cross

"I couldn�t put this book down. I�m working on our three-year IS strategic plan and this book has a great combination of high-level concepts and pragmatic information and advice. It will become a must-read for every manager in my IS organization. I plan to give copies to my CEO and CFO."

— Debra Jensen, Vice President of Systems Development and CIO, Jack in the Box

"Increasingly, accumulated or unexpected IT risks prevent managers from making the best decisions for their business. Westerman and Hunter provide practical advice and examples showing how business and IT leaders can work together to manage these risks�from security and availability to performance and compliance."

— Bob Yang, Director, Symantec Education Services

Learn More


Buy it Now
Barnes & Noble

Format: Hardcover, 1st ed.,
256 pp., $35.00
ISBN: 1422106667
Harvard Business School Publishing, August 2007

For bulk orders, email