IT risk incidents damage corporate reputations, expose weaknesses in firms management teams, rob profits, and dampen competitive advantage. What's an IT executive to do? Authors George Westerman and Richard Hunter offer 3 tips for improving IT risk management in your enterprise.

Analyze IT risks in terms of business risks and focus your resources accordingly.
Novartis CIO Jim Barrington solves IT issues "in direct relation to the size of the risk." For example, says Barrington, if a payroll system breaks, there is no business risk and it doesn't make sense to spend a great deal of money or time trying to back that up. Conversly, "clinical trial data coming from research studies involving hundreds of patients is vital" and not easily reproduced and loss of that data poses a huge risk to the business, says Barrington.

Make risk part of every conversation about overseeing IT.
In an effort to make business executives aware of how certain IT risks may effect the business's goals, Biogen Idec CIO Patrick Purcell says he takes some time in his regular meetings with senior business executives to raise awareness about IT risk. To help drive the point home, he tailors his message. "So if I'm talking about risk in the finance area," says Purcell," I would talk in terms of Sarbanes-Oxley and the control risk that we might have in that regard."

Think of employees as both a problem and a solution.
According a U.S. Secret Service and CERT report, about 33% of those who committed insider cyber-sabotage made their plans known to colleagues, and "about 12 percent of those saboteurs who were caught, before or after committing the act, were turned in by coworkers."

Buy the book

ITworld.com

• Email
• Print
• Share
  • Slashdot
  • Digg
  • Stumble
  • Reddit
  • Newsvine