It appears that today, business contingency, disaster recovery, and compliance are the hot phrases in information technology circles. Risk analysis in particular, is grossly misunderstood by IT professionals. It is bandied about by executives who, due to no fault of their own, do not have a clear concept as to what the phrase really means. That is primarily because the calculation of risk is not something for which an IT professional has traditionally been responsible, not to mention trained. Also, the derivation of risk analysis requires a different level of thinking as opposed to understanding Active Directory or voice over internet protocol (VoIP).