Strengthening Your IT Risk Management Posture
As dependence on IT grows, IT risk is emerging as a significant component of the total business risk companies face today. IT system failures are becoming synonymous with business failures – and companies are realizing they must embrace a new approach to managing IT risk, performance, and cost in order to generate capacity for continued innovation through IT.

While concern about IT risk is on the rise, confidence about current capability to manage IT risk is generally quite low. In February 2007, Symantec published the IT Risk Report, which analyzed results from a year-long study based on interviews with more than 500 IT executives and professionals. Sixty percent of study participants indicated they expect at least one IT incident to affect their organization every year.

During the last eight months, Ziff Davis Media conducted a series of IT executive round-table discussions, sponsored by Symantec, to better understand the issues companies are facing when dealing with IT Risk Management. Not surprisingly, attendees defined risk in many different ways. However, most agreed that categories of IT risk include:
• Security – The risk that internal and external threats may result in unauthorized access to information.
• Availability – The risk that information might be inaccessible due to unplanned system outages.
• Performance – The risk that information might be inaccessible due to performance bottlenecks.
• Compliance – The risk of violating regulatory mandates or failing to meet internal policy requirements.

Most companies noted that before they can address IT risk, they must first assess risk exposure, quantify the impact of IT risks to the business, and prioritize investments accordingly.

The stakes are high. “We can’t afford to be on the front page of The Wall Street Journal,” said a vice president of IT at a major financial institution. Indeed, companies are increasingly coming to realize that outages and
[Figure: IT Risk Assessment and Management Process]
Step 1: Develop Awareness of IT Risks
Step 2: Quantify Business Impacts
Step 3: Design Solution
Step 4: Align IT with Business and Implement Solutions
Step 5: Build and Manage Unified Capability