Published on February 26, 2014
How to apply Risk Management to IT
What is a Risk? A likelihood that a loss occurs
process to protect against threats
Risk of <loss or damage to asset> due to <event> caused by <cause>
Event: Power outage
Control: UPS
Vulnerability: Poor maintenance
Impact: Datacenter outage
Risk of loss of datacenter services due to power outage caused by poor UPS maintenance
IT Risk Categories: Budget overruns; Delays; Poor quality; Ineffective change management; Financial; Configuration issues; Operational; Unauthorized access; Malware; Virus attacks; Website attacks; Poor patch management; Security; Utilities failure; Natural disasters; Physical; Labor strikes; Infrastructure; Obsolete technology; Theft; Inflexible architecture; Staffing; Compliance; Operations; Non compliance with SOX, Law, Data Privacy, Licence contracts; Loss of key IT resources; Inability to recruit staff; Mismatch of skills; Human errors; Breakdown processes; Outsourcing; Poor service levels; Data leakage, lack of support
4 Phases: (1) Risk Identification, (2) Risk Assessment, (3) Risk Mitigation, (4) Risk Monitoring
4 Phases: (1) Risk Identification
Identify all potential risks
Examples: Hard disk failure, Malware, Spyware, Other hardware failure, Theft, Loss of internet connectivity
4 Phases: (2) Risk Assessment
Map identified risks
4 Phases: (3) Risk Mitigation
4 risk mitigation strategies
Define per risk strategy measures to reduce risk
Risk Mitigation Strategies, by column: Identified and assessed risks / Avoid risk by / Reduce risk by / Transfer risk by / Accept risk? / Remaining risk level
Hard disk failure: Backup
Malware: Malware software
Theft: Insurance
Spyware: Spyware
Other hardware failure: accept
Loss of internet connectivity: accept
4 Phases: (4) Risk Monitoring
A risk can never be completely eliminated. It can only be managed.
Identified and assessed risks, with their risk mitigation:
Hard disk failure: Backup
Malware: Malware software
Theft: Insurance
Spyware: Spyware
Other hardware failure
Loss of internet connectivity
Risk Monitoring activity:
Check correct and completeness of backup
Regular restore
Check validity insurance
Check regular anti spyware updates and check correct and complete execution
Risk Management tips
• Build multidisciplinary teams to identify, assess, mitigate and monitor risks from different perspectives
• Use brainstorming techniques to identify risks and to mitigate risks
• Define risk mitigation measures based on the four strategies (avoid, reduce, transfer, accept), starting from the highest risks
• Weave risk management activities into the daily project and service management practices and tooling
Governance ISO38500 Management Prince2 / PMBok Build Acquire Implement Service Delivery ITIL v3 SABSA ISO31000 ISO27000
The mystery behind on time, on budget and meeting customer expectation projects or services?
well executed risk management
Thank You
More questions or remarks? Feel free to contact me: be.linkedin.com/in/johnbun, email@example.com