Wiser decisions with Risk IT

--Originally published at Diego's Password

In business today, risk plays a critical role. Almost every business decision requires executives and managers to balance risk and reward. Effectively managing business risks is essential to an enterprise’s success.

IT Risk Management Frameworks: a large concept, right? Let’s break it down in order to understand it. Risk: “a situation involving exposure to danger.” Pretty simple. Management: “the process of dealing with or controlling things or people,” in this case risks. Framework: “an essential supporting structure of an object.” We think it’s getting a bit clearer. In conclusion, there are information technology risks, or dangerous situations, in which people, in this case managers, need to make decisions based on their analysis. Here’s where “framework” comes in: a program that evaluates these risks and helps with the process of making a decision in the area of technology. Hope you liked this blog post!

 


 

Ok… there’s more than that. We are going to review Risk IT. It is the first framework to help enterprises analyze and manage IT risks; we’ll link their presentation PDF here. Risk IT is based on five simple guiding principles.

  • You can set your business objectives with quantitative metrics, and the framework will connect to them and help you make decisions based on them.
  • It’s able to connect to other, more general risk management systems (Enterprise Risk Management, ERM) so that it can make a broader analysis.
  • It considers the benefits and costs created by managing these risks, otherwise this same process.
  • It implements various communication tools into the system so that you can share content with your IT general module.

 


 

One of the biggest problems with IT risk management is pretty logical and understandable. If we ask ourselves who is in charge of risk management inside a company, we’ll probably answer: an Enterprise Management professional, right? That is not the problem; the problem comes when we add the IT keyword to the equation. The people in charge of risk management and decision making won’t know as much as we engineers do in our field, so their decisions won’t be as wise as those of an IT and risk management professional. And that’s a fact. That is why a framework of this sort is so important. It is made with the people who manage in mind, taking into account the fact that they are not experts in the field. Risk IT claims to offer a super easy integration of both areas; plus, as mentioned in one of the previous points, it can connect to the already existing ERM.

We know that we are all already convinced that it is necessary to have a framework of this sort, so let’s just dive in a little bit more, research the options that accommodate our specific needs, and start making wiser decisions. That is what we learned: the importance and even the concept, because we were drawing a blank. We hope you, reader, learned something as well.

We left this graphic, which explains the position of an ERM system like this inside a company’s management environment. It’s barely readable, but it’s very interesting.

 

[Graphic: Risk-IT-VAL-IT-Full.jpg]

 

This blog post was made in collaboration with my good friend and partner in Information Security, Mario Ivan. I will leave his awesome blog linked here.