
This post is brought to you by Xerox. With Xerox driving your non-core business processes, you are free to focus on what matters most. You are ready for real business. As always, VentureBeat is adamant about maintaining editorial objectivity.
Risk management, at its core, is a simple concept, but is often extremely difficult to implement and maintain. For information technology managers, it’s an increasingly important skill.
Its key precepts are to identify risks to your business, to assess those risks by determining their potential impact and their likelihood of occurrence, and then to take steps to mitigate the risks to an acceptable level.
Market, credit, and operational risks have traditionally been a part of the corporate decision-making process, as they are easily quantifiable and measurable items. IT risk, however, has often been excluded from the boardroom. That’s due in part to the difficulty of measuring direct financial impact to both IT infrastructure and the business itself.
However, we are now in an age where the process of capturing, storing, and retrieving information is the foundation upon which most of the world currently operates. Since information is now the dominant force and the most valuable asset for many modern companies, managers can no longer afford to ignore or downplay IT and the risks associated with it.
The U.S. National Institute of Standards and Technology expounds on this newfound importance of IT risk management in a special publication: “The principal goal of an organization’s risk management process should be to protect the organization and its ability to perform their mission, not just its IT assets. Therefore, the risk management process should not be treated primarily as a technical function carried out by the IT experts who operate and manage the IT system, but as an essential management function of the organization.”
It’s not just preparing for disaster
IT managers jokingly complain that their departments often get blamed for everything that goes wrong. The stark, modern reality is, however, that infrastructure deployed and maintained by technical professionals is now actively responsible for supporting most business-critical services in just about every industry. This puts IT managers in the mostly unenviable and sometimes untenable position of having to understand nearly every aspect of the businesses they support.
Even the failure of seemingly simple services such as e-mail can have wide-ranging effects across multiple departments. Sales staff may not be able to process an urgent order from a customer. The purchasing department may not receive notification of a shipping delay. A production manager may be unable to request an emergency meeting.
The ability to predict wide-ranging effects of simple changes or failures becomes a necessary part of both an effective IT risk management program and the technology decision-making process as a whole.
Where to get risk management guidance
The good news for IT managers is that several organizations have already expended vast amounts of money and research to provide viable methods for qualitative IT risk management. The Software Engineering Institute at Carnegie Mellon University created one such program: the OCTAVE method.
Globally-recognized, non-profit IS/IT membership organization ISACA (Information Systems Audit and Control Association) also offers its COBIT program, which integrates numerous other frameworks and international standards into one comprehensive solution.
For IT managers, the effectiveness of how they identify and mitigate risk across the corporation now will make more of a difference than pure technical skills. As they learn which essential job functions rely on which infrastructure components and become better at predicting the potential wide-ranging impact of system failures, effective IT managers can often become the key players in the decision-making processes of the organizations they represent.
IT risk management then becomes the cornerstone of one of the most important day-to-day goals in any industry: Keeping the business running.



We’re all now familiar with how AdWords campaigns on Google work. You buy keywords commonly used in search terms, such as “plumber in X town”, and send people to a response mechanism, usually a web site. But increasingly that response mechanism is not just a web site but a phone number as well – sometimes it’s even just a phone number. But these days it’s rarely an ordinary number – it’s usually a ‘smart number’ that performs certain kinds of actions and sends data, just like a browser calls a web page and sends data from that page. These smart numbers can be made to grab an RSS feed, play a sound file, make the caller fill out a form with their voice – just about anything. Increasingly we are seeing tech startups address what you do with that phone call and the data and analytics that can be pulled from it, just like on the Web. While Google and Facebook look at this area with their own pet projects, startups have appeared on the market to address this, such as