Mark Farrugia discusses how we need to identify the risks associated to our business IT operations and put in place effective enough countermeasures to mitigate those risks. He says enough because there are methodologies and technologies that will allow operations to get to five nines of uptime, but would the return on investment be worth it? For some IT shops where it's mission critical to have real time financial data, such as a trading floor, the slightest outage could cost enormous amounts of money, but for other organizations, that level of investment into mitigation technologies may not be necessary.  This is where the acceptable level of risk comes into the equation. The acceptable risk formula is going to be unique to every operation and person out there. Two businesses may share the same business model, such as a financial institution, but one may place more importance on email than the other, hence different technology risks.  Mark goes on to outline a series of six steps that have been developed to help organizations deal with risk.  Read about these here: http://www.opsvault.com/6-steps-for-managing-risk-in-it-operations/.