|
|
|
How to Translate IT Risk Management into Competitive Advantage
By: Patrick Kerans
2008-06-25
Article Rating: / 5
There are 0 user comments on this Enterprise Applications story.
How to Translate IT Risk Management into Competitive Advantage (
Page 1 of 3 ) It's not the fact that your company has risk that matters. It's not necessarily even how your company manages risk that matters. What matters is how your company turns risk into opportunity. Patrick Kerans of Agiliance explains how to do that..jpg) Every company has risk. In fact, risk can and should be construed as a good thingno risk, no reward. What matters is how quickly a company can accurately identify current and future risk vectors and respond to them. In fact, risk management is becoming an increasingly important facet of how well a company executes, and companies that excel at it have discovered themselves with a newfound competitive advantage.
Why aren't more companies "competing on risk?" According to a 2007 McKinsey survey, "many companies design their approach to IT around what they donot what they could be doing." The survey goes on to reveal that leading companies approach IT investments as they would a personal finance portfolioclassifying IT purchases as low-risk (stay in the race), medium-risk (win the race), or high-risk (change the rules of the race).
Another survey, by the IT Policy Compliance Group, found three categories of enterprise IT organizations: "leaders," which they categorized as having an average of six compliance deficiencies, security-related business disruptions, or losses of sensitive data; the "norm" having an average of 17; and "laggards" averaging 65.
These surveys indicate that today's corporations are much more risk-aware than some (such as security vendors) would think, and that despite conflicting opinions about what sort of risk management metrics matter and why, there are benchmarks for measuring how effective a company's IT risk management efforts are.
So what distinguishes a leader from a laggard? Leaders are able to create the right mix of people, process and technology to implement clearly defined business processes that enable them to be more resilient amidst changing IT regulations and constantly evolving business requirements.
While process is only as good as the people and technology behind it, a good process can bring out the best in the people and technology that execute on it. As security organizations continue to adopt a more business oriented role, well thought out processes will play a key role in shaping tomorrow's risk management leaders. Below is one that's been adopted by large, heavily regulated companies. It's no panacea, but it can provide a solid starting point for any company looking to embrace a more risk-aware approach to IT:
1) Prioritize the environmentIn order to effectively manage risk, you need to know what your critical IT assets arehow many servers and applications, who uses and manages them, the type of data processed and stored. Some companies measure the assets' relative importance to one another in terms of the business processes they support or the liability associated with the data they handle. Although many tools track this information, the trick is organizing it by business unit, geography, data center, product line, or some other groupings enabling analysts to use it on their terms, given how management may view risk or how an auditor may want to view compliance reports.
|
|
�������x}r8qվ�Fsvg�]mGJɖlkcY^K'SHH"$e[g^b|u^<�nK&_2c["�����Qȥ3$-לڔ]Sã�}$U~]2Q%*_3z&*�%C�jD7�R}f]S� ����LN�შ���:':UE�.�Qk8
*Z5��3*5ևԗo�~e0��.�IA:*֠��O��մ�lZ�P8"X.�(
&wm<&a}�� $a��X<�r�'lG$̽�M"`0 j�>wn'd�Y/{/<��Pcw�̪�ҴώHv;P�;U�ya%h��υ�@Z�*�#LDȁY{w4�ɿTݡu2���{R%s�Z@[��yTi11<]ۜ�Q�^]õ]�&X,.R-G�eCwt�S��:�]c�ԏ �1l{`�2�I9$�7��jZHSq&�xX8֪V�`Kk']DZM�[CY�C�0-ߕ¡f#1Xov?_7(?\6OIFܩ,uEuI��z[(-t[�W�I2}.zC{#?",�_�� f��k���ķLJ3f1"���:u2��ͪ5V(z�[�QĿ� E/<�@'�LZ)P3Z$*��2��3=Pr�&Sk~�$M]sƚb.L2o)�6`IK�2TA0�%�mRu3
.(J�""x^3��E9T>B:Bp4O�Oq��tc'|LMk:uI<
Y�C#ʠ�:ڴ�\�V�#�4!.iG�&5`㻃Ah6[W <{� }}
0ԟT2!DAЂMz>t�T�:�]|�2��Z�9<�({�hk�=`DMVt��P���DM}���PC��n@�}S(�|`O@=Zc9{ݲeǀxԜ� u`Hd˕�N��]�] �RS$S�]Pv9�B�
B�!L��0 H��V�(V� a�|
.��u@�Gҥ;t{jXȣ�kB~��Z
z)0�
eV2&힟�X�*ȉ#�n"0�9X����
-gZ
X�k%�sZ!m�2*g��CO;�ЕaAQ���ңF +?;�*4XF0,/Bw��);Ø����eX�ԆL�ST�2r�)(�f+7��)M}P�d`G�ɚ)-�ThWfS&ᠺ�4S�y�%2{B; aSs]edGeҳ{.�Ijki�S�j
���|kV� U�pć��9E#rQϚX� %<).�ƲB"5w�&�QH OzBfeHS
*$,��4�?9pd�j�K�=ݼ^`�";hqJNb�B#@)z�Q��YWo%<4ވյ�$/gsP(�KӺJ�j!w ~�#o��koռE_x�ue8Ha K-C�rB;�{[1-#
l,h�?40���&ͿѤ�]�ǞZ�>;#�+9UV�揠LXVFV.hV:ִb9;lD�1ȁ2n(鿙ҼMVRyz?u>N �MKϵ("?�v�LO]�t
�.��)نhp'#P0W�2`a��QeU[�*X[����D�2.P\���+��ل�UraڳҝŅeriQ9k,)UM^J_ �g7����v�*>
��0f&6X�˦>oٳu?ɨ �b�Zk;kP��%1gI�9&"_G5�k�^��ˣ6Wm!�3躢� Xj :�iY4��~ ɮէj6|��Jj�0FBċV�ٱ� l^p�O}5pJ`'pW�[�"�L�J}�wYn߲JzqCJ�REy�l{� 9` N� 2F׳|h�<Ӏ!a�s�`��E:�.�
�Z���HK�"T90�|*U%ˈ`m�S@@k�SU�
Փ�.E^vz�V�%b�tXQH �jL=v{e|h3<2
i��{LR.sr)F��ZQU�Z*P+
:;�UFQH�j {`�/P�d4y͎eVjf�aRz6~gn�%ߙ#[�ae�#FmH�deS7\@�+RUsO��h\>F�Y��G��Y�
�h�¹�`d��Qе�a#E�C�V0"��P�"�7h{e�ejڳP-sdw W��ޯQ�nwH"D.WԲ'2'Uj l|��`Z3nGL=��ք�H+�
��cT4}�����2*rNe߯i^�XY
:�����i�3
9�:r�~�'�H5ySV�9y�^%��fR+a1Y-*=>]6AP,4O'Y3ipS�nU
ҕG32)wY{S+1^��,y6U5�G�3��о�
,(M�R"G{=%8�r zĀİ/h{�~UM+$ۂe2"0�ڃF0gk&�;�[)*1<���e05���`�9z{'q7_,`YEn:&}+砩csɜ�C/���ܒ;��!k̀X'V-7|��8 B�|-i>⇇a1M}tv'<�
hr�ݵm��7>��;" ^ �1-'l9L�6[JA)�s`u�EZ!~�)HǞ1L}]�܉e>t1TNjR9*=)#��ʔ�yS Ymq'&.R^ߵ�\T3 fkec>��
4y
@QFk�oZ�KEyX�c/ rJY-��AVlz�
�tq2tGM42H!I�uO(sy�rR�x
�\9-�&�v�aN�0q܇�J3ڛ5^,@�M|GZO��s�q4I#⩬y0.Ɨ>�{s�kg K̦:z�f�&t]֮ �y*>gn�&vfmBX I7(��ְ�J7eNV5XI˴9I-?�O�����0�t��G�.ˤCs辶
Ϛ���8_A|/{W���J*$3b^ 5`RT�eO�a#ҲL�ƈ���Q@Z8 GYd^��|eŢR�n8N3A��6O$��,t9�q[6E3���=a?rqg-41���=�QZ��aǰ�^-+k��㜘�o]?؇^?jeeqb��sE6 7zk{H�~��Zg�^�p�t$+p۬w/HNcgtVk5/?�����?��nwf0yEy~эR�q%<�j�Ej^��1Uɇǫl�b8�}�L�@IP
���t=&Co>bjW/Z:n;lY7`�yAr+'n�pZ2e;&ͫu�۾�<�rLpA]6ϯX�
G�>9lnÏOM1k&pnX&IEqD#S�W5C2҃a����H!y,z��T/Us:֒TzF_ɾj,49ϐA��
x0jG#!�/�ؿ+[�Ě]�f· B?Ry0�(��@�R`OH�[%#estZ{^fpl"��Bt�X�1u��}E/biN�I$Q#=)#�WYYqھq�ج�}A��NdNK#�e{-[L7S+d$��?]/8��݃�͟&WVRǭO}y@H�e�
v?_68/w�`T1ppF�K1xc�`s�A\7Ը�J="#4�QJh"�8�Q9;6�?m[=P��Rv���P溓O�%SQ([via�-uјyj�dJ~N49qyȠ3%dBI[#C塺1"�zN`
fs1 o.�(�cǩm:{@�D%,B*�NQD�K%9A�xDTAv,3x�O=[<�Mw[��1%nԮ>w/@��W�;�ɏd-�н�>��?�y{l
o&�<)sdzI��e�'䬅)V[(=l�kt�ڗ㆟��i�sP>X�dLC!I ɪ%wח}ʜ9%#+Tx|q+N� Q�d17��P2�Y:pOҤs�c}d�<ݸ�[f�1rfio.I>�]`w.�P�{_xVYiAU�9/r\
-"�nZXླྀ�|�90.*W�=Y$/A�v} lD>?GBa"fFs�áME[o&�<|ng
�Z�~i4&K
h<57�wB!E�V֧A-�<�M�g�H&vd`�� c�*�v0�.�߭[��� B�;BJ��[<�N%>4��R�UCf��u�k%ì§
,'i�p8|+؊wfo_��O�4oN{kA�|;L-e�\1kp௩o_Lo-)���B�Ѵg=.0�Qa_ɼ{2.mE>zQ%Fe?^�#ϗIOǖ�4ۺ�YCr݂�O(EP9Jy?
;|�6gX�%H',�v�\� |_}� "5�J'�eo�#UUIL4�GdHx�[��
Y81+aHvvl^qS.k q�zW*xuL>éѩK}�[${A>~:?Z&�eD2+X̊(Zg�B?��9�gޠk��S~
=
^$Sכ`{�&e�zߢ�=s&V�ߋ|0Y�AbZ�hwx/r`Ā̂�c וP��9�嫝pH1_�Y�8��nEt,S9%gq9P�m& 1gaHwAWAgNUM _�R]n!ViMh�haZ�*n$38kcuL$�Pv��cVi1uOƙvV�}9��^z�0IqHMl�K.au&�%K^I?xC�^\T�k{� ̂�Jz۞ȕ�Kjp?7+˥B|;,�y%liF�)΄[$:"5"!P);~8<}@�X7,�/[I-0t ��f
�&ێ�HÏ�ò/6�88 a2a&qQR"r
�SX}]Q�~D%,N6k{I�Hm6�,e��L#Zq�~k�JӝJ>_)ɍn�17�o9Y# U
e��D(#rHxei�
ӕ"�5iv�r'@`8t�R,V:
,^PFZP
?\�����0��"߽W)5G�UW?_j`U~
K"iŷ3m)4=��˵`�8xȓ>7rwD��`��"BA)iT*jn
NmcN� lB~ �F�p炁Vp��VRRRg^
�s�ҡ5�FtS9[RGRڮ�&�mX*)(�0�&��A$�&D&D˓PQ}[O m⋫ۑ��=0/jT4��w/1w�pq��^RJj.B h�2҉O�dtT�(Qۖ�K/E\#�0Wڸ�R%;�(FP
ܤ
QKO?C�� WalП_؞p[]�c,OkyEGxGT�_�ōߝߝߝߝ�т+�EKH7%P@M\].B�u���I/pA+�;AD�D�9O+;}9�DAR+o7U�)T�k$35�8ǣ�%�I5e�PS�V�����7O)OA�<�+'%e�CPBY]uA{
53)�GP9[�c �:!L�<3;@ �v%�"vMyoIjsy��R�bwB�= `pý6��ߠ6{:��(fAW%�5s�CtXAPZ�[x׆TG]�st帊It>D8D�I��D �"�D�Ѽ
�I�>-i:~:sMRM:aL =W�.
_w����$� 8D�B��V;_^�G�$TUzqg@Z
7N~):fe6ّ|�#:�Ӊ*�FB`v
v �F�0&oI=�+�d+"O{o�~~~~\[nT� /zi��R_[�^k.Gj�Ķ};6����{]�#xk���#�nC\0���i�>�(��<"�Һ#��>:xK@�Da��������E�|V~ҭ嚺�_Z�*GǢUx[��F� FZ\}[
kMxX
�ż*~t.�O�vJ�jĝ\�-!p �dB/{�jS30cH&:;�&�f50O�ZYȚLHj�~ж}A˼=V�4+
mY�[`cXh�E *�>�*qdY{rmZ)˿jhk.�R}nGzp�=W'�!_��NZTˬ�k2P$Q3
ƹ�>b",�kfV.P2-aD�Ko�p.|pDGoؕk҃�:?w}Lµe�νko�(��5~i//m~ᑑ��'�KƗy�0jX�'+W�}��S&Lm!~�%0
�ho�6���
EvNA)w�ő?Yxv]9tz['0%6|��Qy4Ni\i�p#
'�EuE)d wKY(liXN����i
�[h[�:�Lb)G�3Ψ4n?\uC%g�ͫ��c�,g�:�ՉaIAX#�hBG�H[�~�~0&gF=bqBtbB�L!��`lga>U`W8�bFa��F��,ܦL#&2B&�?q" %6:�ȑp|j7��#@['d �6C�ՀE21�gv�l6K���$ԣ�@TGl2�tQ:..�(�� o%�H)�[P�,(Opk2�$TJݹHB}���ځ!c�\&��3wY+5z�F�O�uTOM�n���[�:�ʺ���:r�@Lg�>p\�3cr4g�x��bnJ�w9I�t!C�K/H�
Ns�^ay}!G�^�/0�p�
{Ka1c�~ERVKJ!|�e���ѝb$cU-$�)iwtE�uӄ\�H@+xo<{+�Iː�=K�%��$��]�,Lv}}oH4�szӼ$�m[8|ԝsҮ>m_>k^5oWL@�hlR_db(�,g2MB rvUk528cѦΐKs!Yx�9�K��xe�r�^/.�Mrݙ= fr�D0/�& F^�5�2PS_o�֖S~ހVՑ6^�_ 9u�Χ6Fjrt.r:X)JQa 3���Ba)nq8U#S
MjV}Qv xR�?/)7P~�ZK)oCy;�)�87ROt}�,�?/Es}y6)пfJ?ӼJ)7S~褔/�e
|vV`�~+
>��2�g+>[@�D�J�'(R~��)R�{2W?W)s�w2m;m?��N/@�)q
_�sB?��'e��'e]n
u_֗�B_SZ9S>�>�oʁ~oS�ڿMi�6NR�Rv�S�BzB/"ȋKOi射:K)?�yVT<^`]mk�)x.2�{�9;[?[_קzr]!,.u~r+�^6ƺe5�vKa7p_'�_xi�
�+{3w�'D�ǙW4�|d�ل,�@CX{#u�唄gλϝ1i҇�su5n��97[O'i��krhxȝGm�>$ܭK!
t!=}��ɠv��|.y�|ޥ8�Nt7x�wV/Si˘A��gG؎�GlOAp|��n=�7�}j2t�{x�.�nZ=Mҋ�\ڎvh#ֽ2�b;�w�S췡\|���fG?�hG'�P�[Йq%ޢ9m9w~�t
p7{�,�?f�Tza���&Hvٻ7Cg:'[��}�o' H�4��l?|qH&{W.��P[tdLE�7�ie�_;�O7{maHd&ӾTkZ^-oX*#7n�P��D���ŀUMV�Y)I2xr!_��,.g
�o9Q(Fuoo{|hN`�njY�ݟ9ȠȣY)3?@>^J-F�@ P��1�=:
Ǭ?*'/ۼ�7l{s�N�
ڎy �@��?l�#
�{+3ŀiD@�[Y?T�UI�W1hӐC�Fؒ%Dİ-#)N>@O�G24>.qg%D{�o�O-ؠGў�13J)�c}"w吖>I��F��|&ߢ�j;c
TM)�-0٩8x$�la
�,jϗ9;nbD扵U$7O˦�r`,yyBapb!S;2`#Z<0;b
ٝKG�OfarL5�S�?�p���1�Q.`]�<�oj`�-�nܸʲ'M@W0)<%�_30
�9Qۧ@��0n3
�m
�o=1J4x=~�ɉLh�JU�Z=Q��x�q6�3O¾;-ϥpTY�Pu�[i��~]@}�O_�&�Anzvtsʹ
Yn!Xݨs�7n9�O^���ۍ�vN]|?1�K*`D8ݏN$_0�y�N��yn�;4�`&�vgLL�Yʨ����6{N:<3߲H\$� �Tb�A�9l"?KH.Կ�sg��.-͡+!vgʱex.f$`¥
�i`�_GBb� �+M
Z�{�OPtl�]ס ak1/i'>�˝}L7ufT
=s#1-ٕ�k8�v
F߭eh#IM�&Ah&W5��b8�gKCJ�챻�$(I6�=�@UjVAs7 }�x�+SΆ��ChY�JeΚ��O�ko7F>Am-�E{�n,��/'IoF}k_V�`�ń�K�l:F6HiU��_4jK7⏄Ѥ�bY?��AQ6+yJ>?��T@|�
%�؍�AQ6�fw�ƾ�&;!�x�]��Y;Oeε,s0ŬBSh��=�)�O?n'[n
5E`0l`eh�̋m�zWU6y�K*>`H�A1^Hugz$U`'�~"3V[���CA:�h?A߆S �\}O `�L{Oz街�iћ��r@c]��~�(��ȵ-��Ԧ?+cw�)+],by�Y3; �0tZH�D�G�x
k�ok3gx�=] vD
&�(l2ۖ?Z c/p���Ķ`:�+JbA4\�n2?>Ş�i3�f��@ �( of8躙�`y%K@��:�
78ǩkl6<�m܈@gA0n%/适)@�t��6Yգv1E9b�릍D]�hT_�&*ʢ#�/ײ�/ߵ#3qݼ�®,�vyX�\�Fbr囸9m��@�>���{z��wn}�\��:1V`'7Y=-lI12��tIV3kti�(�aa�ɗX�[zD�5b3LP�9˒�z�;�O7)�>�:`-�S!�#׆)�a+e�cP�f�L*@�<�փ
Lc�=`#hxd,��Rh1 �Lb'�kIɫ
"79=e7i�Fs}7@j0ĝ"+roq%��=L$�8)^(Eg8y��ba"ENE<<�r$Y"�:¸0X��+2ƋC�Ne#�i>H
B(W]j^~>�ע~;�X�Ex8~8.RUD!6�:�N�6�ݣ�ŧ�}[7xIMU]
+K3Ӿ7A0�|u^o^'+j8a*X�E�l�⍿�01�4[�ˬZQ+%IL#;o��b$-�U.ɡ/綺�`��ڔ̾r&s.#�M�W�\)ҦG(ϗգ�>t�)�uÙZ`'l/ZV?WA����
|
Enterprise Applications 
