IT risk management covers a range of areas, but its primary goal is to identify threats and vulnerabilities within the organisation’s information resources, take measures to reduce the risk to acceptable levels while balancing cost, security and productivity to the needs of the organisation.