ZDNet UK



Management Toolkit

Don't leave risk management to chance

Maxine Holt Butler Group

Published: 04 Oct 2005 16:00 BST


...state that a service is to be available 99 percent of the time, but if the 1 percent that the service is unavailable falls during business hours, then the actual support provided by the IT department will be perceived to be poor.

Network availability is another key indicator of how the IT department manages risk: the provision of an end-to-end service to individual users or groups of users shows how IT has supported the organisation in its pursuit of business, or in the not-for-profit area in which it operates. This can be broken down into the service uptime of primary servers and of segments of the network, such as networks at different sites.

Compliance is a key driver for many organisations today, not only in the area of email management but for IT systems as a whole. The use of the IT systems must be auditable and retrievable within the requirements of the appropriate regulatory bodies and government legislation.

In the area of information security, achieving and maintaining ISO 17799 (formerly BS7799) is a key indicator. This is a security standard that many organisations have adopted, whether formally or informally, and they are finding that it helps maintain the security of the information they hold. Additionally, implementing a roles-based directory for all users, including third parties, helps ensure that a suitable level of access is granted only to appropriate users for specific applications. A roles-based directory tracks each user's usage across the necessary systems and retains an auditable record suitable for compliance purposes.

The Data Protection Act in the UK (comparable to other pieces of legislation around the globe) requires that information is kept secure, but also that it is disclosed to the appropriate person as requested. The number of disclosure requests, alongside the time it takes to respond to these disclosure requests, can be useful metrics for the IT department. The Freedom of Information Act, recently passed in the UK, can have the same metrics applied.

Information management is another key area that can be assessed to ensure compliance is continuously achieved. One example here is the implementation of a Records Management system — for organisations in the public sector such a system is generally required to be TNA 2002 approved in the UK, or Department of Defense 5015 in the US.

There will be a great...
