ZDNet UK
Management Toolkit

Assessing the risk factor

Deb Shinder

Published: 30 Nov 2005 16:25 GMT

Risk management is a popular buzzword in today's business world, but many IT administrators have only a vague idea of what it means and how it fits into their job descriptions. Risk management is a fairly simple concept; it refers to the process of making decisions based on an evaluation of the factors that present a threat to the business. In IT, that means assessing your network's vulnerabilities and threat exposure, and taking the steps necessary to mitigate them.

There are several different components to risk management:

  • A risk management framework, which describes areas of responsibility and the chain of accountability within the organisation or department.
  • Risk analysis, the process of identifying vulnerabilities and calculating financial and loss expectancy metrics.
  • A risk management plan, which lays out how specific tools will be used to reduce the risks to an acceptable level.

If all this sounds like a bunch of MBA mumbo-jumbo to you, you're not alone.

Risk management in plain English
The steps involved in performing a risk analysis can be broken down into a few categories:

  • Identifying the risks (in this case, the risks to your organisation that are presented by your network)
  • Determining the potential impact of the threats
  • Weighing the cost of safeguards against the impact of the threats
  • Deciding how to address the risks effectively and cost-efficiently
  • Implementing risk controls
  • Assessing their effectiveness

A risk can be to the company's assets — a risk that can result in financial loss, such as the exposure of the company's trade secrets to a competitor or violation of regulatory statutes such as HIPAA or the GLB Act, which would result in fines and possibly other penalties. Some risks are to the company's mission — risks that interfere with employees' performance of their jobs, such as a denial of service attack that brings down the network. Of course, these categories can overlap; a single vulnerability may threaten both assets and mission.

Impact combines two factors: the severity of the loss a threat would cause if it materialised, and the probability that it actually does. Probability x severity = risk exposure, the expected loss you carry by leaving that threat unaddressed.

The next step is to determine the cost/benefit ratio of the various measures you can take to reduce or eliminate each risk, and to make decisions based on that information. Risk management formulae can...
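The steps above carried through in Python, as an added example that is not part of the original article: each risk's exposure is computed as probability x severity (the figure usually called annualised loss expectancy, which is what the "loss expectancy metrics" mentioned earlier come down to), the expected loss each candidate safeguard avoids is weighed against its annual cost, and a decision is recorded. The risks, probabilities, loss figures, safeguards and their reduction factors are constructed for illustration and carry no real data.

```python
"""Quantitative risk analysis: exposure = probability x severity, followed by
a cost/benefit test of each candidate safeguard.

Constructed illustration; the figures are invented, not from the article.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Risk:
    name: str
    annual_probability: float  # expected occurrences per year (annualised rate of occurrence)
    loss_per_event: float      # severity: loss in currency units if it happens once

    def __post_init__(self) -> None:
        if self.annual_probability < 0 or self.loss_per_event < 0:
            raise ValueError(f"{self.name}: probability and loss must be non-negative")

    def exposure(self) -> float:
        """Probability x severity = risk exposure (annualised loss expectancy)."""
        return self.annual_probability * self.loss_per_event


@dataclass(frozen=True)
class Safeguard:
    name: str
    risk: str           # name of the Risk this control addresses
    annual_cost: float  # licences, hardware, staff time per year
    reduction: float    # fraction of the exposure the control removes, 0.0..1.0

    def __post_init__(self) -> None:
        if not 0.0 <= self.reduction <= 1.0:
            raise ValueError(f"{self.name}: reduction must be between 0 and 1")
        if self.annual_cost < 0:
            raise ValueError(f"{self.name}: cost must be non-negative")

    def loss_avoided(self, risk: Risk) -> float:
        """Expected loss per year that the control prevents."""
        return risk.exposure() * self.reduction

    def net_benefit(self, risk: Risk) -> float:
        """Loss avoided per year minus what the control costs per year."""
        return self.loss_avoided(risk) - self.annual_cost


# Constructed sample register. The risk categories mirror the article's own
# examples (trade-secret exposure, regulatory fines, denial of service); the
# probabilities, losses, costs and reduction factors are invented.
RISKS = [
    Risk("Trade secrets exposed via stolen laptop", 0.5, 200_000),
    Risk("Denial of service takes the network down", 2.0, 15_000),
    Risk("Regulatory fine for mishandled records", 0.25, 100_000),
]

SAFEGUARDS = [
    Safeguard("Full-disk encryption on laptops", RISKS[0].name, 20_000, 0.75),
    Safeguard("DDoS scrubbing service", RISKS[1].name, 40_000, 0.5),
    Safeguard("Outbound email DLP", RISKS[2].name, 15_000, 0.5),
    Safeguard("Records-handling training and second-person check", RISKS[2].name, 5_000, 0.25),
]


def total_exposure(risks: list[Risk]) -> float:
    """Sum of annualised exposure across the register: the picture before controls."""
    return sum(r.exposure() for r in risks)


def rank_safeguards(risks: list[Risk], safeguards: list[Safeguard]) -> list[dict]:
    """Weigh each safeguard's cost against the loss it prevents and decide.

    A control is worth adopting only when it avoids more expected loss than it
    costs; otherwise the rational choice is to accept the risk or look for a
    cheaper control. Results are sorted by net benefit, best first.
    """
    by_name = {r.name: r for r in risks}
    rows = []
    for s in safeguards:
        risk = by_name[s.risk]  # KeyError here means a control with no identified risk behind it
        nb = s.net_benefit(risk)
        rows.append({
            "safeguard": s.name,
            "risk": risk.name,
            "exposure": risk.exposure(),
            "loss_avoided": s.loss_avoided(risk),
            "annual_cost": s.annual_cost,
            "net_benefit": nb,
            "decision": "adopt" if nb > 0 else "accept risk",
        })
    return sorted(rows, key=lambda row: row["net_benefit"], reverse=True)


if __name__ == "__main__":
    print(f"Total annual exposure before controls: {total_exposure(RISKS):,.0f}")
    for row in rank_safeguards(RISKS, SAFEGUARDS):
        print(f"{row['decision']:<12} {row['safeguard']:<50} "
              f"avoids {row['loss_avoided']:>9,.0f}  costs {row['annual_cost']:>7,.0f}  "
              f"net {row['net_benefit']:>+9,.0f}")
```

Running it shows the point of the cost/benefit step: the scrubbing service and the DLP product both reduce real exposure, yet each costs more per year than the loss it prevents, so on these figures the right call is to accept those risks or find a cheaper control, while laptop encryption and the records-handling procedure pay for themselves. The same register, recomputed after controls are in place, is the "assessing effectiveness" step: the residual exposure is each risk's exposure minus the loss avoided by the adopted controls.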
