
e-Business Risk Management


CIO Group 7

Presented by
Nia Kurniasih Nur Budianto S Dedi Nirtadinata S Enggo Widodo
4/30/12

Scope


Definition

Source: Oxford Dictionary

Risk: The possibility of meeting danger. The impact can be negative or positive.

Management: The process of dealing with or controlling people or things.

Business: The activity of making, buying, selling or supplying things.

e-Business = ?

e-Business Model Electronic Business using Information Technology (internet) 4/30/12 4 4 .

e-Business Model

Using IT to buy and sell goods and exchange services electronically X
= serves a broader term: all forms of business conducted using electronic data transmission for

The Technology of eBusiness

Protocols
◦ TCP/IP
◦ HTTP

Software
◦ Web browser: Firefox, Safari, Chrome, etc.

Hardware
◦ Web server

The Technology of eBusiness HTML ◦ Formatting language that presentation of information over the World Wide Web (WWW) Language that enable the transmission and manipulation of information across the Internet network 4/30/12 7 7 XML ◦ .

Samples of e-Business

◦ e-Banking Services
◦ e-Shopping
◦ e-Hotel
◦ e-Ticket
◦ e-Logistics
◦ e-Learning
◦ e-Gambling

Why We Need e-Business Risk Management?

Control or minimize risks
Internet brings a new set of risks
e-Business model evolution
Based on statistics
◦ Over 30% of projects are cancelled before completion
◦ Over 50% of projects cost 100% or more than their original estimates
◦ Only 16% of software projects are

e-Business Model Evolution

“Business is going to change more in the next ten years than it has in the last fifty.”
Bill Gates

e-Business Model Evolution

e-Business Risk

Privacy and Confidentiality

Privacy: concerns protection of proprietary information, incl. personal and exchange or transaction

Confidentiality: is similar to privacy but focuses on information specifically designed to be confidential or secret

Privacy and Confidentiality

Very important to e-business due to:
1. E-business provides opportunity to collect more data of buyers and sellers vs brick-and-mortar (manual)
2. Internet allows dissemination of information worldwide faster and cheaper than other comm. channel
3. Information obtained from e

Internet Tracking Tools

Logs: a file containing a record each time a user’s Web browser views an Internet page

Cookies: are pieces of data placed in a browser’s memory

Security Risk System penetration violation Authorisation Trojan Horse Communications monitoring(Spoofing) DoS Repudiation 4/30/12 16 16 .

System Availability and Reliability

◦ Server down
◦ Failure on processing transaction

Transaction Integrity

System processing is complete, accurate, timely, and authorized

Transaction integrity Risk
◦ Spoof
◦ Scam

The e-Business Project Risk Model

[Figure: risk categories labelled Content, Delivery, Technology, Organization, Resource, Market and Project]

Risk Management Process

Risk Planning Define Four ◦ ◦ ◦ ◦ risk management process to needs of Project stages to risk management planning Risk identifier Risk analysis Risk handling/response Risk monitoring Output : Risk Management Plan 4/30/12 21 21 .1.

Risk Identification Identification Find ◦ ◦ ◦ and name the risks the cause of the situation Business users no available Server attacked by DoS Etc. Find ◦ ◦ the impact of risks Budget will be expected Server down Output: Risk Identification 4/30/12 22 22 ..2.

Risk Analysis Determine Determine the probability of chance occurrence of the risk consequence of each risk using ordinal scales found in the Risk Management Plan : Risk Analysis Record Output 4/30/12 23 23 .3.

4. Risk Handling/Response Define mitigation plan to respond to each risk required resources : Risk Handling Plan Estimate Output 4/30/12 24 24 .

4. Risk Handling/Response

There are four things you can do about a risk.
◦ Avoid the risk
◦ Transfer the risk
◦ Mitigate the risk
◦ Accept the risk

5. Risk Monitoring

Track & control progress in performing risk handling plans
◦ Risk Handling Plan progress is tracked and updated monthly
◦ Continually monitoring risk to identify any change in the status
Output:
◦ Risk Status Report
◦ Prioritized Risk List

Risk Management Process Flow

Challenges for e-Business Risk Management

◦ Dealing with multiple stakeholders
◦ Managing a wider range of stakeholder groups
◦ Understanding requirements
◦ Meeting / managing stakeholder expectations of systems functionality and availability
◦ Finding project managers with appropriate skill sets

The Role of IS Auditors Involvement  ◦ Directly in Project Management Team and/or Indirectly in Project Steering Committee Cost Return Potential financial implications Contract 4/30/12 terms 29 29 Analysis ◦ ◦ ◦ ◦ .

The Role of IS Auditors Security ◦ ◦ ◦ and risk management Setting security objectives Identifying threats Providing advice on feasible solutions Developing incident response capability ◦ 4/30/12 30 30 .

The Role of IS Auditors Monitoring ◦ ◦ ◦ ◦ User Requiretments Security and Controls Testings Documentation 4/30/12 31 31 .

Final Thought

◦ Cost
◦ Risk
◦ Potential Problem
◦ Value-added

Best Practice

NASA (National Aeronautics and Space Administration)
◦ http://www.hq.nasa.gov/office/codeq/risk/

Harvard University
◦ http://vpfweb.harvard.edu/rmas/index.html
