IT Risk Management - Planning Cost-effective Mitigation of Risks to IT Services
Butler Group
December 1, 2008 200 Pages - SKU: BTL2071663
"In any organisation large enough to deploy IT solutions, IT systems deliver substantial value through the automation of repetitive tasks; the synchronisation of interactions with customers, suppliers, and partners; the management of high-value and sensitive information and the delivery and analysis of this information on behalf of users; and increasingly the automation and optimisation of end-to-end processes and the enforcement of business and statutory policies. For each of these benefits, IT professionals have to be ready to answer the inevitable question: “What happens when it goes wrong?”

IT systems are fallible: they can fail for different causes and in many different ways. Sometimes a failure will be immediately obvious to the organisation, and the business might start to suffer considerable financial loss straight away. In other circumstances a failure might be insidious, causing cumulative damage that might go unnoticed for a considerable period. However, other failures, although apparent, might be relatively trivial in their impact and would not justify the cost of a high-technology fix."
KEY FINDINGS
- Business executives need to take personal responsibility for the conduct of key IT processes, with particular respect to Data Loss Prevention and Information Security.
- The business needs to understand that there are real, quantifiable costs associated with different types of IT risk.
- A properly executed risk management initiative based on a set of approved standards will raise the level of confidence of outside organisations or individuals in trading with the business.
- The IT Risk Management strategy needs to be kept aligned with the corporate risk management strategy and attitudes towards corporate tolerance of risk.
- With increasing dependence on the extended supply chain, a failure experienced by a business partner can be just as damaging as a failure in the organisation’s own IT environment.
- Mature standards and methodologies can assist an organisation to steer a proven path through the multiple facets of implementing IT Risk Management.
- The initiative in supporting technologies is moving from niche specialist vendors towards the large system and security management vendors.
- Governance, Risk, and Compliance (GRC) technologies will play an increasingly important role in IT Risk Management, but they will only be used at their most cost-effective potential when deployed within well-conceived, constantly-reviewed, and consistently-enforced processes.
- The potential for sensitive information to reach unintended and unauthorised recipients through the loss of portable media or Web-based security exposures can cause severe corporate embarrassment and considerable loss of revenue.
- Enforcement of legislation has focused the minds of corporate executives on compliance with minimum standards of risk avoidance.
- Some risks cannot be avoided 100% of the time in a cost-effective manner, and the business must plan for the cost of any incidents that do occur.
Additional Information
This Report reveals:
- Why IT Risk Management should have a senior executive sponsor and a formal hierarchy of roles and responsibilities.
- How protection of information against loss, corruption, or misuse has become an issue of public awareness as well as legal liability.
- Why IT Risk Management should be designed into IT projects rather than added as an afterthought.
- How to address the risk of projects failing to deliver against business expectations as part of IT Risk Management.
- Why a business continuity plan should have its budget protected from other resource demands.
- Why Risk Management decisions should be reviewed on an ongoing cycle rather than treated as permanent fixes.
- How multiple standards and methodologies are available to assist organisations to plan and structure the IT Risk Management effort.
- Why the market for Risk Management technologies is likely to consolidate around a small set of major vendors.
- Section 1: Management Summary
- 1.1 Management Summary
- Section 2: Introduction
- 2.1 Report Objectives and Structure
- 2.2 Governance, Risk, and Compliance Strategy
- 2.3 IT Vulnerabilities
- Section 3: Business Issues and Drivers
- 3.1 Business Risk Profile
- 3.2 Business Implications of IT Risk
- 3.3 Compliance and Security Requirements
- 3.4 Understanding the Benefits
- Section 4: IT Risk Management Strategies
- 4.1 Planning an IT Risk Management Strategy
- 4.2 Roles and Responsibilities
- 4.3 Gauging IT Risk Maturity
- 4.4 Supporting Strategies
- Section 5: IT Risk Management Lifecycle
- 5.1 IT Risk Assessment
- 5.2 IT Risk Mitigation
- 5.3 IT Risk Management Framework
- Section 6: Business Continuity
- 6.1 Business Continuity Strategy and Planning
- 6.2 Planning for Business Continuity
- 6.3 Organisational and Infrastructure Resilience
- 6.4 Impact of External Services
- Section 7: Security
- 7.1 Security Management and Compliance
- 7.2 Protecting Against Threats
- 7.3 Mitigating Identity and Access Risk
- 7.4 Information Risk and Data Loss Prevention
- Section 8: Project Risk
- 8.1 Managing the Project Portfolio
- 8.2 Methods for Assessing Project Risk
- 8.3 Managing Project Delivery Risk
- 8.4 Evaluating Project Benefit Risk
- Section 9: Market Analysis
- 9.1 IT Risk and the SME
- 9.2 Supporting Technologies
- 9.3 IT Risk Functionality Within Management Suites
- Section 10: Standards and Methodologies
- 10.1 Standards and Methodologies Relevance Matrix
- 10.2 Standards and Methods Consolidated
- Section 11: Vendor Profiles
- Agiliance
- Archer Technologies
- Axentis
- BMC
- Brabeion Software
- BWise
- CA
- eIQnetworks
- HP
- IBM
- MEGA
- Methodware
- Modulo
- NetIQ
- OpenPages
- Oracle
- Paisley
- Relational Security
- Symantec
- Tripwire
- Section 12: Glossary