Need for Effective Implementation and Continuous Improvement of Holistic IT Governance, Risk Management, Security and Privacy

Holistic Information Technology Governance 

Information governance is a holistic approach to managing corporate information by implementing processes, roles, controls and metrics that treat information as a valuable business asset.

The goal of a holistic approach to information governance is to make information assets available to those who need them, while streamlining management, reducing storage costs and ensuring compliance. This, in turn, allows the company to reduce the legal risks associated with unmanaged or inconsistently managed information and to be more agile in responding to a changing marketplace.

An important goal of information governance is to provide employees with data they can trust and easily access while making business decisions. In many organizations, responsibilities for data governance tasks are split among security, storage and database teams. Often, the need for a holistic approach to managing information does not become evident until a major event occurs such as a lawsuit, compliance audit or corporate merger.

Source: http://searchcompliance.techtarget.com/definition/information-governance

Risk Management 

Every business is exposed to risk in its everyday operations. Risks can be analysed through scenario analysis, which studies possible future events. For each scenario the approach considers three things: the probability that it occurs, the likely weaknesses (loopholes) through which it could occur, and the probable impact if it does.


Risk management is the practice of identifying potential risks and developing strategies to reduce their likelihood or eliminate them altogether. Here is a list of the kinds of risk a business can face.

1. Health and safety

There are health and safety risks for all businesses. For example, a customer or an employee can slip on a wet floor, an employee with an infectious disease can pass it on to co-workers, and excessive overtime can leave staff fatigued and unwell. Risk management is therefore important for every type of business.

2. Financial risks

Financial risks are most acute for financial institutions. According to J.P. Morgan, one of the major causes of the sub-prime mortgage crisis was poor risk management. Small and large companies alike risk losing client confidence, going bankrupt or having to dissolve the business. These financial risks can be reduced through a sound strategy.

3. Legal risks

Legal risks are present for any business, and they can expose it to large financial penalties. Arthur Andersen, the accountancy firm, lost the trust of its clients and investors over the Enron debacle, and many partners and employees resigned.

Businesses may feel overwhelmed when every risk looks like a priority. So how does a business owner manage all of them within budgetary constraints? The ideal solution lies in enterprise risk management, which treats risk holistically across the whole organization. Professional risk management services are also available, such as LexisNexis risk management. All risk management solutions and strategies include these three processes.

1. Identification and assessment of risks

Even after engaging a professional firm, senior management still has to agree to the process. It is important to identify those risks that are talked about in the organization but never documented. Identification requires a range of activities, such as workshops and meetings among employees and management, which allow input from the people with first-hand knowledge of a variety of risks.

2. Creating a strategy

Once the risks have been identified, a strategy is required. Diversification, for example, spreads exposure across alternatives (backups, second suppliers, redundant systems) that are unlikely to fail at the same time; a backup whose failure is perfectly correlated with the primary offers no protection. During strategic planning, risks are also prioritised according to the extent of harm they can cause.

3. Regular reviews

Risk management needs to be a long-term process with frequent reviews of the strategy designed to reduce or eliminate the risks. Through regular reviews, the risk management company and the business can find out whether the strategy needs to be revised. It is also important for businesses to treat risk management as part of overall planning and decision-making.

Risk management can have a positive effect on the overall image of the company. It also improves decision-making and leads to more efficient use of resources, which raises revenue in the long run.

Source: http://gettingmoneywise.com/2013/01/what-is-risk-management-and-why-do-we-need-it.html

Security and Privacy

The purpose of information security management is to ensure business continuity and reduce business damage by preventing and minimising the impact of security incidents. The Audit Commission Update report (1998) shows that fraud and cases of IT abuse often occur because basic controls are absent, and that half of all detected frauds were found by accident. An Information Security Management System (ISMS) enables information to be shared whilst ensuring the protection of information and computing assets.

The Audit Commission Update report shows that in the UK the percentage of organizations reporting incidents of IT fraud and abuse in 1997 rose to 45% from 36% in 1994. While equipment theft is a real problem, the most damaging aspect is the loss of data and software. Sources of damage such as computer viruses, computer hacking and denial of service attacks have become more common, more ambitious and increasingly sophisticated. The internet exposes organizations to an increased risk that networks will be accessed improperly, data corrupted and viruses introduced. The percentage of organizations reporting hacking incidents has trebled, with telephone systems as a new target. Not all breaches are the result of crime; inadvertent misuse and human error play their part too. Virus infections are still the single most prevalent form of abuse. More commonplace and just as destructive as crime, are threats like fire, system crashes, and power cuts.

Poor supervision of staff and a lack of proper authorization procedures are frequently highlighted as the main causes of security incidents. Companies vary in their approach to preventing security breaches: some prohibit everything, making mundane access tasks difficult; others are too lax and permit access to everything by everyone, exposing themselves to a high degree of risk. Business efficiency relies on striking the right balance, and this is where standards can help.

Dependence on information systems and services means organizations are more vulnerable to security threats. The interconnecting of public and private networks and sharing of information resources increases the difficulty of achieving access control. The trend for distributed computing has weakened the effectiveness of central, specialist control.

Source: http://shop.bsigroup.com/Browse-By-Subject/ICT/Information-security-standards-and-publications/Why-is-information-security-needed/

-Geraldine Kaye Merdrocillo
