IT Risk Management is a subset of overall Risk Management because the IT systems must enable the company to achieve its objectives in a secure and cost-effective manner.
Ideally, IT Risk Management is fully incorporated into a company’s System Development Lifecycle (SDLC) activities. The SDLC has five (5) phases:
4) Integration and Testing/Operations or Maintenance
In some cases, a system may be in several stages simultaneously. Regardless of the phase, the methodology for Risk Management is the same.
The phases and phase characteristics of the SDLC track closely with overall Risk Management and Business Continuity/Disaster Recovery planning activities.