Risk Management of Your Technology and Your Business
Risk management is the monitoring for, identification of, and mitigation of threats to your business technology. In addition to any other consequences, all risks have one thing in common: Downtime.
- What are the consequences if your systems fail or are breached, or suffer a prolonged outage?
- Who has right of access to your data, both primary and backup? Can you name all people involved?
- Where is your data stored, and what laws govern your data in the country of storage? Do your customers know about this?
- If your data or IP found its way to a competitor or interested parties, what impact could that have on your business?
- During a disaster the Internet is the first thing to go down. How much of your disaster recovery plan relies on your Internet connection being up?
- How does your business risk management profile change with remote workers and BYOD (bring your own device)?
- What systems and processes exist to monitor and manage all risks?
- Who is accountable if things go wrong?
- In many cases, risk management requires an understanding of the psyche and patterns of behaviour. Does your IT provider have the skill-set to do this?
The Five Areas of Impact
The five key areas of impact are related to successes and failures within the Five Disciplines of IT™.
The Five Main Sources of Risk
- Strategy: Those responsible for managing the IT systems fail to correctly identify and/or communicate the level of risks.
- Governance: The business management fails to understand, acknowledge, and/or act upon the identified risk levels.
- Management: Infrastructure and systems do not meet standards necessary to reduce the risks.
- Compliance: Business policies and processes do not address the risks and/or staff are not trained.
- Operations: Staff or owners fail to observe risk management policies.
Risk Management Mind-Set
Risk management is best carried out by a skilled IT Risk Manager.
- Preparedness: Being prepared for, and managing, risk is not some sudden, spectacular program, but a way of life and of thinking.
- Assessment: Based not only on past events, but also on future events, given present conditions and the psyche of possible players.
- Understanding: The ability to visualise potential negative conditions requires as much understanding and foresight as visualising positives.
- Management: Risk management requires a thorough understanding of ethics, principles, processes, people and things.
- Foresight: Everyone can be wise in hindsight. Being wise in foresight requires discipline and training.