The IT risk management (ITRM) market focuses on solutions that support the ITRM discipline through automating common workflows and requirements. For the purposes of defining this market, IT risks are risks within the scope and responsibility of the IT department. These include IT dependencies that create uncertainty in daily tactical business activities, and IT risk events resulting from inadequate or failed internal IT processes, people or systems, or from external events.
The vulnerability assessment (VA) market is made up of vendors that provide capabilities to identify, categorize and manage vulnerabilities. These include unsecure system configurations or missing patches, as well as other security-related updates in the systems connected to the enterprise network directly, remotely or in the cloud.