Close
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Latest News

      How to Develop a Risk Management Strategy

      By
      Samir Kapuria
      -
      December 20, 2007
      Share
      Facebook
      Twitter
      Linkedin

        IT risk management is as an enterprise-wide approach to refining people, processes and systems to achieve the organization’s preferred balance of IT costs and risks in order to improve the company’s overall performance.

        IT risk management is a growing component of total operational risk management. As businesses increasingly depend on IT to automate processes and store information, IT risk management is emerging as a separate practice—one that balances the operational and economic costs of security, availability, performance and compliance measures to achieve organizational missions and gains in innovation capability.

        So how can organizations advance from good to great IT risk management practice? The challenge lies in understanding their portfolio of IT risks, quantifying and prioritizing them against the organization’s risk profile and developing an effective program of remediation activities.

        The following five-step process can help organizations assess their levels of IT risk, develop remediation road maps and ultimately build effective, continuous IT risk management programs.

        Phase 1—Develop Awareness of IT Risks

        IT risk mitigation begins with comprehensive discovery, including:

        • Establishing the program’s scope (how expansive a view of IT risk is appropriate?).
        • Constructing a risk profile for the organization based on its overall priorities.
        • Identifying key areas of IT risk.

        Assessment should also consider the organization’s current requirements, capabilities and vulnerabilities. Finally, this stage involves identifying and classifying threats, issues, vulnerabilities and weaknesses and assigning each a priority according to risk.

        Phase 2—Quantify Business Impacts

        Quantifying business impacts is typically the most challenging step—and the most important. Until they have quantified the impact, positive or negative, of addressing an area of IT risk, IT leadership may be unable to attract their colleagues’ attention to it or the funds needed for mitigation.

        Quantification of business impacts typically follows a two-phased approach:

        • Prioritize risks based on potential business impacts according to the organization’s risk profile and the ease or difficulty of risk mitigation, measured in time, staff resources and investment.
        • Build detailed business arguments for only those risks identified as high-impact areas.

        Phase 3—Design Solution

        At this point, the organization knows the scope and components of its IT risk management program, its current status and the priority and quantification of each area of IT risk.

        The next step is to design a set of remediation solutions, across the classic elements of people, process and technology, each with requirements, specifications, goals and functions.

        This phase also includes detailed costing analysis to keep costs and benefits of proposed initiatives aligned to organizational goals.

        Phase 4—Align IT and Business Value; Implement Solution

        Implementation determines whether risk-mitigation initiatives are deployed successfully across people, process and technology with close involvement of organizational stakeholders. This phase also requires closed-loop measurement and continuous improvement in order to achieve efficient mitigation across the different risk priorities. With a coherent system of metrics and performance management capabilities, organizations set the stage for collection of baseline data, performance tracking and assessment of program effectiveness against the original business case.

        Phase 5—Build and Manage Unified Capability

        Once implementation of the first wave of IT risk solutions is underway, organizations should institute programs for continuous improvement and ongoing governance of their IT risk management program.

        By adapting their efforts as their experience and effectiveness grow toward maturity, organizations can avoid or overcome the most common implementation challenges, such as guesswork, reactive projects and lack of quantifiable progress.

        While there is no magic formula for IT risk management, this process can help organizations marshal their resources effectively to achieve real, lasting improvements in IT risk management, often while reducing the complexity and cost of IT infrastructure.

        Samir Kapuria is the managing director of Advisory Services at Symantec.

        Samir Kapuria

        MOST POPULAR ARTICLES

        Android

        Samsung Galaxy XCover Pro: Durability for Tough...

        Chris Preimesberger - December 5, 2020 0
        Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
        Read more
        Cloud

        Why Data Security Will Face Even Harsher...

        Chris Preimesberger - December 1, 2020 0
        Who would know more about details of the hacking process than an actual former career hacker? And who wants to understand all they can...
        Read more
        Cybersecurity

        How Veritas Is Shining a Light Into...

        eWEEK EDITORS - September 25, 2020 0
        Protecting data has always been one of the most important tasks in all of IT, yet as more companies become data companies at the...
        Read more
        Cybersecurity

        Visa’s Michael Jabbara on Cybersecurity and Digital...

        James Maguire - May 17, 2022 0
        I spoke with Michael Jabbara, VP and Global Head of Fraud Services at Visa, about the cybersecurity technology used to ensure the safe transfer...
        Read more
        Big Data and Analytics

        GoodData CEO Roman Stanek on Business Intelligence...

        James Maguire - May 4, 2022 0
        I spoke with Roman Stanek, CEO of GoodData, about business intelligence, data as a service, and the frustration that many executives have with data...
        Read more
        Logo

        eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

        Facebook
        Linkedin
        RSS
        Twitter
        Youtube

        Advertisers

        Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

        Advertise with Us

        Menu

        • About eWeek
        • Subscribe to our Newsletter
        • Latest News

        Our Brands

        • Privacy Policy
        • Terms
        • About
        • Contact
        • Advertise
        • Sitemap
        • California – Do Not Sell My Information

        Property of TechnologyAdvice.
        © 2021 TechnologyAdvice. All Rights Reserved

        Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

        ×