TECHNOLOGY (IT) RISK
Elmar C. Francisco, MSEE
Risk Management
Ref: http://karimabadi.ca/it-risk-management/
DATA PRIVACY ACT OF 2012
AN ACT PROTECTING INDIVIDUAL PERSONAL INFORMATION IN INFORMATION AND COMMUNICATIONS SYSTEMS IN THE GOVERNMENT AND THE PRIVATE SECTOR, CREATING FOR THIS PURPOSE A NATIONAL PRIVACY COMMISSION, AND FOR OTHER PURPOSES
DATA PRIVACY ACT OF 2012
Companies with at least 250 employees, or with access to the personal and identifiable information of at least 1,000 people, should register with the National Privacy Commission and comply with the Act.
All personal information must be collected for reasons that are specified, legitimate, and reasonable.
Personal information must be handled properly.
Information must be kept accurate and relevant.
Personal information must be discarded in a way that does not make it visible and accessible to unauthorized third parties.
ITIL
Information Technology Infrastructure Library (ITIL) is a library of volumes describing a framework of best practices for delivering IT services (CIO.com)
ITIL v3 focuses on business and IT integration (hardemancountryschools.org)
VOLUMES OF ITIL (BMC.COM)
1. Service Strategy
2. Service Design
3. Service Transition
4. Service Operation
5. Continual Service Improvement
INCIDENT MANAGEMENT
Fulfillment of Service Requests
Service Request examples – Password reset, account creation and deletion, minor software installation, system reporting beyond what is usual
(k, Zab)
SAMPLE PRIORITY MATRIX
PRIORITY MATRIX (IMPACT VS URGENCY)
Impact
• 1 High – widespread
• 2 Medium – department level
• 3 Low – single/few users
Urgency
• 1 High – damage is highly time sensitive (several VIP)
• 2 Medium – increases considerably over time (few VIP)
• 3 Low – only marginally increases over time (no VIP)
PRIORITY MATRIX EXERCISE
(imgur)
ROOT-CAUSE ANALYSIS TECHNIQUES: FIVE-WHY’S
Why? - Fail in one subject
Why? - Fail in the final exam
Why? - Mind and body not conditioned
Why? - Two hours of sleep
Why? - Facebook until 3AM
From ASQ
SERVICE-LEVEL MANAGEMENT
Service-level management provides for continual identification, monitoring and review of the levels of IT services specified in the service-level agreements (SLAs)
A service-level agreement (SLA) is a commitment between a service provider and a client (e.g. Internet service providers and telcos)
KEY PERFORMANCE INDICATOR (KPI)
Green – Above threshold
Yellow/Orange – within threshold range
Red – below threshold
Responsible (also Recommender) – Those who do the work to complete the task
FOUR-EYES PRINCIPLE
CASE 2: CBA COMPUTER OUTAGE (2012)