Organizations are experiencing rising incident rates across the areas of security, availability, performance, and compliance, with significant impact to revenue, reputation, productivity, and cost. According to the Computer Security Institute and the FBI, per-incident costs of unauthorized access to information averaged over $85,000 in 2006, and system downtime costs reached tens of thousands of dollars per hour. It doesn’t take long for one to recognize even good IT Risk Management practices may soon reach their limits.
So how can organizations advance from good to great IT Risk Management practice? The challenge lies in understanding their portfolio of IT risks, quantifying and prioritizing them against the organization’s risk profile, and developing an effective program of remediation activities.
The following five-step process can help organizations assess their levels of IT Risk, develop remediation roadmaps, and ultimately build effective, continuous IT Risk...
A quick Google search of the term “risk management’ returns more than 75 million results, revealing a discipline of balancing risks and costs that has been in practice across many industries for decades. Ironically though, the phrase has not become commonly-used in the IT industry until recently.
Traditionally, we’re used to hearing about risk associated with the financial assets (insurance, credit, exchange rates, interest rates). But we are also noticing more focus in operational risk, where the primary driver is information technology.
As consumers and businesses become increasingly dependent on the Internet and IT systems, the risks in this infrastructure have become far more visible and significant. Breaches or failures of information systems cause serious business crises – reputation damage caused by identify theft, business losses stemming from system failures, and regulatory restrictions arising from compliance issues. Recent news coverage has focused on...
