(1) Credit risk. That is, the risk caused by unauthorized use or incomplete or inaccurate data. This risk is usually related to the design of user interface, data processing program, disaster recovery program, data control mechanism and information security mechanism.
(2) Access risk. That is, the risk caused by improper access to systems, data or information. With the increasing popularity of Internet and e-commerce, access risk is one of the main threats faced by enterprises. Access risk mainly involves the establishment of business process, the security of application system, data management and control, data processing environment, network security, the state of computer and communication equipment, etc.
(3) Acquired risk. That is, the risk that affects the availability of data or information. It mainly involves dynamic monitoring of data processing, data recovery technology, backup and emergency plan.
(4) Infrastructure risk. That is, the information technology architecture planning is unreasonable or can not be deployed with the business architecture. It mainly involves the improvement of information technology organization, the cultivation of information security culture, the configuration of information technology resources, the design and operation of information security system, the operating environment of computers and networks, and the internal unity of data management.
(5) Other business risks. That is, other technical risks that affect the business activities of enterprises. It mainly involves the support of information technology to business objectives, business process cycle, inventory early warning system, business interruption, product information feedback system, business liquidity management and so on.
The information technology risk management framework consists of risk management elements (strategy and policy supervision, resource allocation, situation monitoring and structure definition) and information technology environment (procedures, applications, data management, platforms, networks and physical facilities).
The information technology environment structure is basically the information technology architecture. From two angles, it can show the formation and realization process of the system from top to bottom, and describe the support and service process of the system from bottom to top.