By Laton McCartney
The recently released IT Risk Management Report Volume II, published by security vendor Symantec, notes that while the awareness of the importance of IT risk management (ITRM) is on the upswing, several potentially damaging myths still exist.
"These can lead to potential system failures and impact business continuity," says Samir Kapuria, managing director of Symantec Advisory Services.
Based on surveys of 405 IT professionals, the Symantec study analyzes and dispels four myths commonly associated with IT risk:
- That IT risk management is focused only on security.
- That risk management is project driven.
- That technology alone can manage IT risk.
- That risk management has already become a formal discipline.
"Risk management is now more balanced than it has been in the past," says Kapuria. "There's a portfolio approach. It involves compliance, performance and availability as well as security. Today businesses are depending on IT to conduct day-to-day business so availability is critical."
The idea that ITRM is project driven is also fallacious, Kapuria says, given the changing landscape businesses face today and the ongoing possibility for a major problem. "Sixty-five percent of those surveyed expect a major outage once a year and at least 10 minor failures a year," he notes.
Instead of a project approach, ITRM should be seen as an ongoing process.
Moreover, process controls, and not the technology itself, are needed to manage risk effectively, Kapuria continues. He notes that 53% of ITRM problems result from process issues. "The irony is that process controls such as training and awareness are the most effective ways of dealing with this, yet only about 40% of the respondents rate their training and awareness programs as effective."
Finally, the report shows that ITRM is moving away from what was thought of as a formal discipline or science toward an evolving business discipline, one that, Kapuria says, should be managed at the senior, or "C", level and possibly by the board. "At the end of the day, business and not just IT owns the risk," he asserts.