{"id":147,"date":"2020-04-15T19:55:07","date_gmt":"2020-04-15T19:55:07","guid":{"rendered":"http:\/\/www.cyberlaws.org\/?p=147"},"modified":"2020-05-26T00:09:04","modified_gmt":"2020-05-26T00:09:04","slug":"information-technology-it-risk-management","status":"publish","type":"post","link":"https:\/\/www.cyberlaws.org\/information-technology-it-risk-management\/","title":{"rendered":"INFORMATION TECHNOLOGY (IT) RISK MANAGEMENT"},"content":{"rendered":"<div class=\"art-postcontent clearfix\">\n<p style=\"text-align: justify;\"><strong>INFORMATION TECHNOLOGY (IT) RISK MANAGEMENT<\/strong><\/p>\n<p style=\"text-align: justify;\"><strong>\u00a0<\/strong><strong>What is Risk?<\/strong><\/p>\n<p style=\"text-align: justify;\">Risk is any unwanted event which impact organisation\u2019s objectives to attain business goal.<\/p>\n<p style=\"text-align: justify;\">There are various type of business risk exists in any organisation<\/p>\n<ul style=\"text-align: justify;\">\n<li>Strategic Risk<\/li>\n<li>Operational Risk<\/li>\n<li>Financial Risk<\/li>\n<li>Compliance Risk<\/li>\n<\/ul>\n<p style=\"text-align: justify;\">Risk Management is a process of Identifying, analysis and evaluating the organisations risks and then providing appropriate controls in order to mitigate the risk.<\/p>\n<p style=\"text-align: justify;\"><strong>What is IT Risk?<\/strong><\/p>\n<p style=\"text-align: justify;\">In this digital age most of the businesses are using Information Technology. Hence IT is playing very pivotal role in many businesses.<\/p>\n<p style=\"text-align: justify;\">If any organisation use IT to manage their business, it is very important to understand and identify risk related to their information systems and data, then to manage and reduce the risk, and develop a response plan in the case of any IT crisis.<\/p>\n<p style=\"text-align: justify;\">Nowadays business have regulatory and legal compliance obligations in relation to data privacy, electronics transitions and staff training which are the factors which can influence IT Risk Management strategies.<\/p>\n<p style=\"text-align: justify;\">Main IT risks include software and hardware failure, malicious and virus attacks, humanerrors, misconfigurations as well as natural disaster like flood,fire earthquake and cyclones.<\/p>\n<p style=\"text-align: justify;\"><strong>General IT Risk<\/strong><\/p>\n<p style=\"text-align: justify;\">These Risk can be subcategorised further:<\/p>\n<ul style=\"text-align: justify;\">\n<li><strong>Hardware and software failure<\/strong>\u00a0\u2013 Abuse of rights and Corruption of data ,Electromagnetic radiation ,loss of power supply<\/li>\n<li><strong>Malware<\/strong>\u00a0\u2013 malicious software designed to disrupt computer operation<\/li>\n<\/ul>\n<ul style=\"text-align: justify;\">\n<li><strong>Viruses<\/strong>\u00a0\u2013 computer code that can copy itself and spread from one computer to another, often disrupting computer operations<\/li>\n<li><strong>Spam, scams and phishing<\/strong>\u00a0\u2013 unsolicited email that seeks to fool people into revealing personal details or buying fraudulent goods<\/li>\n<li><strong>Human error<\/strong>\u2013error in data processing, data disposal errors, or accidental opening of infected email attachments.<\/li>\n<\/ul>\n<h3 style=\"text-align: left;\"><strong>NATURAL DISASTERS\u00a0<\/strong>SUCH AS FIRE, EARTHQUAKE, CYCLONE AND FLOODS ALSO ACTS AS RISK TO IT INFRASTRUCTURE. IN ABSENCE OF BUSINESS CONTINUITY PLAN, IT MAY LEAD TO DATA LOSS, CORRUPTION IN DATA RECORDS AND UNAVAILABILITY OF IT SERVICES TO THE CUSTOMERS.<\/h3>\n<p style=\"text-align: justify;\"><strong>How to Manage Information Security Risk?<\/strong><\/p>\n<p style=\"text-align: justify;\">Management of IT risk involves a series of activities in this chronological order:<\/p>\n<ul style=\"text-align: justify;\">\n<li>Risk Identification<\/li>\n<li>Risk Assessment<\/li>\n<li>Risk Mitigation<\/li>\n<li>Development of Response Plan<\/li>\n<li>Review of Risk Management procedures<\/li>\n<\/ul>\n<p style=\"text-align: justify;\"><strong>How to reduce Information Technology Risk?<\/strong><\/p>\n<p style=\"text-align: justify;\">There are lots of risks and threats on business which can impact IT Operations. Applying appropriate measures will protect the IT system through unauthorised access.<\/p>\n<p style=\"text-align: justify;\">Few steps to improve IT Security<\/p>\n<ol style=\"text-align: justify;\">\n<li>Proper access control to computer, servers, networks and Wi-Fi.<\/li>\n<li>Using strong password<\/li>\n<li>Encryption of critical data<\/li>\n<li>Using firewall. IDS ,IPS on the network<\/li>\n<li>Update software and antivirus with latest patches.<\/li>\n<li>Data backup for all the critical data<\/li>\n<li>Information security training and awareness to the staff<\/li>\n<li>Using secure software developments processes.<\/li>\n<li>Implementing SSL for secure online communication.<\/li>\n<li>Last but not the least having Cyber Security Insurance.<\/li>\n<\/ol>\n<p style=\"text-align: justify;\"><strong>\u00a0<\/strong>Few famous standards and frameworks which can help organisations to mitigate IT risks are:<\/p>\n<ul style=\"text-align: justify;\">\n<li>ISO 31000<\/li>\n<li>COBIT<\/li>\n<li>COSO<\/li>\n<li>NIST Risk Management Framework<\/li>\n<li>ISO 27001<\/li>\n<li>ISO 27005<\/li>\n<\/ul>\n<p style=\"text-align: justify;\">For any organisation risk identification is the first step for risk mitigation. An undetected risk is the most dangerous thing, a treatment methodology can be only be implemented once the risk is identified. Organisation need a right approach and skilled workforce to this job.Step by Step risk management process will help organisation\u2019s to mitigate IT related risk and get an effective and efficient IT system to achieve business goals.<\/p>\n<\/div>\n<div class=\"art-postfootericons art-metadata-icons\" style=\"text-align: left;\"><span class=\"art-postcategoryicon\"><span class=\"categories\">Posted in<\/span>\u00a0cybersecurity,\u00a0featured,\u00a0RISK MANAGEMENT<\/span>\u00a0|\u00a0<span class=\"art-posttagicon\"><span class=\"tags\">Tagged<\/span>\u00a0Compliance,\u00a0data,\u00a0IT,\u00a0Risk,\u00a0Security<\/span><\/div>\n","protected":false},"excerpt":{"rendered":"<p>INFORMATION TECHNOLOGY (IT) RISK MANAGEMENT \u00a0What is Risk? Risk is any unwanted event which impact organisation\u2019s objectives to attain business goal. There are various type of business&#8230; <\/p>\n","protected":false},"author":1,"featured_media":148,"comment_status":"closed","ping_status":"closed","sticky":true,"template":"","format":"standard","meta":[],"categories":[3],"tags":[16,40,78,15,50],"_links":{"self":[{"href":"https:\/\/www.cyberlaws.org\/wp-json\/wp\/v2\/posts\/147"}],"collection":[{"href":"https:\/\/www.cyberlaws.org\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cyberlaws.org\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cyberlaws.org\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cyberlaws.org\/wp-json\/wp\/v2\/comments?post=147"}],"version-history":[{"count":3,"href":"https:\/\/www.cyberlaws.org\/wp-json\/wp\/v2\/posts\/147\/revisions"}],"predecessor-version":[{"id":408,"href":"https:\/\/www.cyberlaws.org\/wp-json\/wp\/v2\/posts\/147\/revisions\/408"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.cyberlaws.org\/wp-json\/wp\/v2\/media\/148"}],"wp:attachment":[{"href":"https:\/\/www.cyberlaws.org\/wp-json\/wp\/v2\/media?parent=147"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cyberlaws.org\/wp-json\/wp\/v2\/categories?post=147"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cyberlaws.org\/wp-json\/wp\/v2\/tags?post=147"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}