
Dispelling Myth 1: IT Risk Management is All About Security

Created: 01 Feb 2008 08:00:00 GMT • Updated: 23 Jan 2014 18:42:39 GMT
Jeremy Ward

So you think that risk is all about security? Well, we deal with risks to our personal security every day – each time we cross the road! But ask someone to think about more impersonal risk, like that to IT, and it becomes difficult to define what we mean.

The latest Symantec IT Risk Management Report aims to build a common understanding about IT risk, which it views as consisting of four elements: security, performance, availability, and compliance. When most people consider the risk to their IT systems, they immediately think about security and the need to keep bad things out and good things in. However, the report shows that concerns about availability risk have now come to the fore—78 percent of participants saw it as a serious or critical risk to their business. This makes a lot of sense when you know what it can cost your business if you lose the availability of your IT systems. Dartmouth and the University of Virginia looked at a hypothetical case involving the shutdown of a SCADA system at an oil refinery. They concluded that a 10-day outage could have an impact of $405 million and that the loss would not just be borne by the supplier, but by all the other businesses in the supply chain.

Although this may be an extreme example, it is clear that the loss of availability can have a very serious effect not only on your business but also on that of your business partners. So what are organizations doing about it? It is clear that many are beginning to use some of the good practice standards that are out there, such as COBIT and ITIL. This is important because such standards help IT services understand the value of their contribution to the business as a whole, which in turn makes the importance of managing availability risk clear. Keeping the bad out and the good in is vital, but really effective organizations are those that balance this by protecting their business value through managing their availability risk.

Reference: Please have a look at the first blog in this series, located here.