ArabianBusiness.com - Middle East Business News
Wednesday, 03 December 2008 03:47 UAE time

YOUR DIRECTORY /

Print this page Print this page | Email this to a friend Email this to a friend | Discuss this article (0 Comments) |

Managing risk in the information age

by ArabianBusiness.com staff writer  on Thursday, 06 September 2007
Johnny Karam, regional enterprise sales manager at Symantec.
Johnny Karam, regional enterprise sales manager at Symantec.

Breaches or failures of information systems cause serious business crises - reputation damage caused by identify theft, business losses stemming from system failures, and regulatory restrictions arising from compliance issues. Recent news has prominently covered many major stories of information technology risk, including phishing scams, theft of personally identifiable data records, identity theft, stolen backup tapes, litigation resulting from improper preservation and production of electronic records, and intellectual property breaches.

The rate of recovery from these events is a contributing factor in the severity of the business crises. A recent study by Oxford Executive Research found that companies that recovered quickly from major operational disasters increased their share price by five percent on average versus the market. Companies that struggled to regain their operations took a 20% drop in relative value. From this research, it appears that investors factor a company's resilience to adversity into its stock price. It is clear to see why corporate executives in boardrooms around the world want solutions to the IT risk problem.

The solution lies in treating information technology risk within the integrated framework of business risk management. IT risks need to be identified, measured and managed as part of a single view of all risks in the corporation, with oversight by senior management to understand and guide the appropriate risk/reward trade-offs to achieve the goal of increasing return on IT investments. The name for this approach to managing and balancing information risk and reward is IT risk management.

Story continues below
advertisement

IT Risk Management

Most companies have a poor awareness of their IT risk exposure, are not fully exploiting the breadth of tools to manage these risks, and have not begun to systematically build the knowledge and processes to manage IT risks.

The struggle is due in part because IT risk management is a newly emerging field, where the traditional models of risk management do not always cleanly apply. Typically, businesses only have a vague understanding of the impact of the loss of information assets or access to their applications. For example, the ability to transfer risk is a fundamental concept in financial risks; however, since liquid markets do not yet exist for buying and selling IT risks, companies must build the internal competence to manage these risks on their own.

Another example of the difference is that IT risks are more challenging to quantify. In IT, the kind of well-developed statistical or actual models that assess financial risk and give it a reasonable level of precision do not yet exist. However, "roughly right" approaches based on experience still yield accurate, valuable and usable measures of IT risk. Going from current to best-practice IT risk assurance could yield substantial improvements to shareholder value. In order to lead this transformation to best-practice IT risk assurance, business leaders should:

1. Develop an awareness of the nature of the different IT risks to the business;

2. Determine the quantified impact to their business resulting from the loss of information or access to applications;

3. Understand the range of tools available to manage IT risks;

4. Align the costs of IT risk management to the business value;

5. Build a systematic, corporate capability to manage security risk.


next page »
Page 1 of 2

Print Print | Email Email | Discuss this article |


READERS' COMMENTS



Click here to post a comment


Add your Comment
All posts are sent to the administrator for review and are published only after approval. ArabianBusiness.com reserves the right to remove any comment at any time for any reason. Please keep your responses appropriate and on topic.
Name *
Remember me on this computer
Email *
(Your email address will not be published)
City
Country
Subject *
Comment *
Notify me of further comments
Security Code * Code


Please click post only once - your comment will not be published immediately.


MORE FROM ARABIANBUSINESS.COM

TOP IN MIDDLE EAST TECHNOLOGY

  1. Software boost as ID card registration rush continues
  2. I-Mate not going under, CEO says
  3. Orascom announces nine-month profit of $345mn
  4. Qtel unit wins Oman fixed-line phone licence

TOP MIDDLE EAST BUSINESS STORIES

  1. Somali president accuses Islamists of being behind piracy
  2. New evidence fingers suspects in Hariri killing: UN report
  3. Qatar Real Estate in $275mn Islamic financing deal
  4. Kurdish authorities stand by foreign oil contracts
  5. UN renews right to use force against Somali pirates

ALSO IN MIDDLE EAST TECHNOLOGY

  1. DIFC publishes Electronic Transaction Law
  2. On the move
  3. Right connections
  4. Avaya connects Atlantis resort
  5. du introduces 'flat rate' for GCC roaming

LATEST MIDDLE EAST BUSINESS FEATURES

  1. Travel & Hospitality: Bless the brands down in Africa
  2. Technology: Right connections
  3. Technology: On the move
  4. Healthcare: Road map to regulation
  5. Technology: Data fortress
From  Current Issue

RELATED STORIES

Gitex Dubai 2007
3 stories
  1. Banned toxic chemicals in iPhone
    16 Oct '07 | News
  2. Talking your way to the top
    13 Sep '07 | Interviews
  3. GITEX 2007 a great success, says DWTC
    13 Sep '07 | News
Symantec
| 114 stories
  1. A chat with Thompson
    16 Nov '08 | Interviews
  2. The Spam Report, November 2008
    6 Nov '08 | Features
  3. Con game, blame game
    27 Oct '08 | Features

RELATED LINKS

  1. Symantec»
Related links open in a new window and are not endorsed by ArabianBusiness.com.

 EMAIL ALERTS

  1. Symantec

  2. Technology



MOST POPULAR TECHNOLOGY STORIES

EMIRATES ID DOWNLOAD

READER COMMENTS

Read all user comments >

BUSINESS FEATURES

Widget this!

Widgets are little boxes on your desktop that allow you to get the most out of your user-experience.

My precious

The region's IT managers on what piece of technology they or their organisation could not live without.

Nortel steps up

The networking solutions provider is increasing its focus on managed services and green technology.

BUSINESS INTERVIEWS

Global vision

Qtel's CEO on the transition from being an incumbent operator in just one country to a global heavyweight.

Interview: Scott McNealy, Sun Microsystems

Scott McNealy, chairman and co-founder of Sun Microsystems, made his first visit to the UAE for 14 years.

SAP in the mix

ACN asks a number of IT professionals if they have used SAP's products in the past or will in the future.

MORE FROM ARABIANBUSINESS.COM

JOBS

Jobs

SPECIAL REPORTS

Special Reports

SURVEYS & REPORTS

Research

PROPERTY

property