Professional Documents
Culture Documents
To IT Risk Management
Dedy Syamsuar, PhD
Banyaaaaak
..
What is risk?
The possibility of suffering harm or loss; danger
The possibility of loss or injury
Chance of danger, injury, loss
A measure of the probability and severity od adverse
effects
Definitions of Risk
Risk Management, in general, is a process aimed at an efficient balance
between realizing opportunities for gains and minimizing vulnerabilities and
losses (Enisa, 2006)
Risk management is the process that allows IT managers to balance the
operational and economic costs of protective measures and achieve gains in
mission capability by protecting the IT systems and data that support their
organizations missions (Stoneburner, 2002)
"Risk management is the process of dentifyingvulnerabilitiesandthreatsto
the information resources used by an organization in achieving business
objectives, and deciding whatcountermeasures, if any, to take in reducing
risk to an acceptable level, based on the value of the information resource
to the organization (ISACA, 2006).
Risk
Expert knowledge,
judgement &
experience
Individual
knowledge, judgement
& experience
System Complexity
Risk assessment
Risk identification - listing project-specific risk items
that are likely to compromise a projects success
Risk analysis - assessing the loss probability & loss
magnitude for each identified risk item, & assessing
compound risks
Risk prioritization - ordering & ranking the risk items
identified & analyzed
It is important to identify
What can
go wrong ?
What is the
likehood it
wil go
wrong?
What are
the
consequenc
es?
What can
be done?
What
options are
available
Software
SYSTEM
People
Schedule
Cost
Risk Control
Risk-management planning doing the ground work
so as to be in a position to address each risk item
Risk resolution - producing a situation in which risk
items are eliminated or resolved
Risk monitoring - tracking the projects progress
towards resolving risk items & taking corrective action
where required
Not
knowing
what the
risks are!