Information Technology (IT) Risk Management is a process that IT managers use to balance the economic and operational costs of using protective measures with the nominal gains in capability brought about by protecting the data and information systems that support an organization’s operations.
As a general rule, risk is defined as the product of the likelihood of occurrence and the impact an event could have. In IT, however, risk is defined as the product of the asset value, the system's vulnerability to that risk, and the threat it poses for the organization.
IT risks are managed according to the following steps:
Source: https://www.techopedia.com/definition/25836/it-risk-management