Performing a qualitative risk assessment for IT