How to apply Risk Management to IT
What is a Risk
The likelihood that a loss occurs
process to protect against threats
Risk of <loss or damage to asset>
due to <event>
caused by <cause>
Event: Power Outage
Control: UPS
Vulnerability: Poor maintenance
Impact: Datacenter outage
Risk of loss of datacenter services
due to power outage
caused by poor UPS maintenance
IT Risk Categories
Categories: Financial, Operational; Security; Physical; Infrastructure; Staffing; Compliance; Operations; Outsourcing
Example risks:
Budget overruns
Delays
Poor quality
Ineffective change management
Configuration issues
Unauthorized access
Malware
Virus attacks
Website attacks
Poor patch management
Utilities failure
Natural disasters
Labor strikes
Obsolete technology
Theft
Inflexible architecture
Non compliance with SOX, Law, Data Privacy, Licence contracts
Loss of key IT resources
Inability to recruit staff
Mismatch of skills
Human errors
Breakdown processes
Poor service levels
Data leakage, lack of support
4 Phases
(1) Risk Identification
(2) Risk Assessment
(3) Risk Mitigation
(4) Risk Monitoring
4 Phases
(1) Risk Identification
Identify all potential risks
Examples:
Hard disk failure
Malware
Spyware
Other hardware failure
Theft
Loss of internet connectivity
4 Phases
(2) Risk Assessment
Map identified risks
4 Phases
(3) Risk Mitigation
4 risk mitigation strategies
Define per risk strategy measures to reduce risk
Risk Mitigation Strategies
Columns: Identified and assessed risks; Avoid risk by; Reduce risk by; Transfer risk by; Accept risk?; Remaining risk level
Hard disk failure: Backup
Malware: Malware software
Theft: Insurance
Spyware: Spyware
Other hardware failure: accept
Loss of internet connectivity: accept
4 Phases
(4) Risk Monitoring
A risk can never be completely eliminated. It can only be managed.
Identified and assessed risks / Risk Mitigation:
Hard disk failure: Backup
Malware: Malware software
Theft: Insurance
Spyware: Spyware
Other hardware failure
Loss of internet connectivity
Risk Monitoring activity:
Check correctness and completeness of backup
Regular restore
Check validity of insurance
Check regular anti spyware updates and check correct and complete execution
Risk Management tips
• Build multidisciplinary teams to identify, assess, mitigate and monitor
risks from different perspectives
• Use brainstorming techniques to identify risks and to mitigate risks
• Define risk mitigation measures based on the four strategies (avoid,
reduce, transfer, accept) starting from the highest risks
• Weave risk management activities into the daily project and service
management practices and tooling
Governance
ISO38500
Management
Prince2 / PMBok
Build Acquire Implement
Service Delivery
ITIL v3
SABSA
ISO31000
ISO27000
The mystery behind on time, on budget and meeting customer expectation projects or services?
Well executed risk management
Thank You
More questions or remarks
Feel free to contact me

be.linkedin.com/in/johnbun
riskmanagement@johnbun.com
