What’s the difference between a risk, a threat, and a vulnerability? This is worth knowing, because if you can spot the risks in your enterprise and mitigate or eliminate them, you might not have to worry about associated threats.
Risk assessment is already a vast subject and the pitfalls of risk assessment alone would probably fill a good-sized book.
What does a perfect storm make you think of – natural catastrophes, perhaps, like the one portrayed in the film “The Perfect Storm”, the risks confronting the Korean economy, or simply a situation you would rather avoid in the interests of business continuity?
IT has no shortage of four-letter words. It’s not clear what the latest variations on the “BYO” or “bring your own” theme add.
The man in question is Nassim N. Taleb. He coined the term “Black Swan” in risk management to describe events that are unforeseeable, even highly unlikely, yet that happen and in doing so change the course of history.
IT risk management can be a risk all by itself. Although the principles sound straightforward, applying them incorrectly can lead to wasted effort, mistakes in risk postures, and failure to spot relevant risks or changes in those risks.
When you shove things higgledy-piggledy into your desk drawer, just to clear space in your workspace, you have a quick solution. You also have a dirty solution, because trying to find the key to your filing cabinet will take you ages afterwards. And yes, you’ve just experienced technical debt, first hand!
IT risk management is a common thread running through IT investments, IT security, IT disaster recovery, and business continuity.
It is easy to indulge in navel-gazing when it comes to business continuity. We examine your business, its components, its requirements, its objectives and the risks that could affect it.
Unsuspecting and easy to attack – users of public Wi-Fi spots are a hacker’s dream target. Cybercriminals don’t wear cat-burglar masks and striped t-shirts, so it may not be easy to see them. On the other hand, the smart user of a free Wi-Fi hotspot knows that he or she should assume that hackers are lying virtually in wait. The terrain can vary: coffee shops, airports, restaurants, libraries, bookstores, fast food outlets and even schools can all be dangerous. Unfortunately, statistics show that users in general, consumer or business, have a lot to learn if they want to bring their risk back down to reasonable levels.
Risk management is one of those areas that are too often “somebody else’s responsibility”. Whether through lack of knowledge or indifference, it gets shunted off somewhere else and replaced with an approach of “it’ll be alright on the night”. Unfortunately, it frequently isn’t. Like business continuity or information security awareness, risk management should ideally be everybody’s business and accepted by each member of an organisation as an individual as well as a collective responsibility. Risk management on a per-project basis can help move the needle in the desired direction.
If you’re wondering how much risk management should become part of your organisation’s rulebook, you may already be looking around to see who else is doing it. Insurers and bankers are obvious examples, because their businesses are centred on risk calculation, whether in terms of setting insurance premiums or defining credit interest rates. Many insurers are also ready to discuss risk management with potential customers in a variety of different industry sectors. These can range from agriculture and aviation to sports and transportation. However, there are other, perhaps unexpected, examples that show how far the concept of risk management has spread in general.