What are the risks associated with business and IS/IT change?

they say "nothing is constant except change". yes, it's true, we do change and so as with IT and IS. But have we realized or assessed what are the possible risks?

based on the research i've made(this topic is really tough!ahehe), the risks are the following:


1. Loss of Integrity. System and data integrity refers to the requirement that information be secured from inappropriate alteration. Integrity is lost if unauthorized changes are made to the data or IT system by either intentional or accidental acts. If the loss of system or data integrity is not corrected, continued use of the contaminated system or corrupted data could result in inaccuracy and incorrect decisions. In addition, violation of integrity may be the first step in a successful attack against system availability or secrecy. For all these reasons, loss of integrity reduces the assurance of an IT system.

2. Loss of Availability. If a mission-critical IT system is unavailable to its end users, the organization’s mission may be affected. Loss of system functionality and operational effectiveness, for example, may result in loss of productive time, thus impeding the end users’ performance of their functions in supporting the organization’s mission.

3. Loss of Confidentiality. System and data confidentiality refers to the protection of information from unauthorized disclosure. The impact of unauthorized disclosure of confidential information can range from the jeopardizing of national security to the disclosure of Privacy Act data. Unauthorized, unanticipated, or unintentional disclosure could result in loss of public confidence, embarrassment, or legal action against the organization.

still for me, whenever we want change we should have proper planning so that the risks be properly assessed and when the time comes that we'll be encountering the consequences we can have proper and long time solution to these problems

http://csrc.nist.gov/publications/nistpubs/800-30/sp800-30.pdf