Risk is always a factor incorporated in all the factors we see around, and business is never an exception. In our day-to-day life, risks are always categorized as something which could happen anytime, for which everyone should be ready to face.
Risk is the same for a business too. Risks could take any form, and could affect the business in a quite unexpected way. It is up to the organization to plan the approach on any risks that could occur. This is where the risk management comes into picture. Risk management involves 5 different phases where the risk could be
1. Accepted
2. Avoided
3. Transferred
4. Mitigated
5. Exploited
As per ISO 27001, the risk management process follows the below process as in the below flow-chart.
Now-a-days almost all business focus on the service perspective of their business, where they are bound to provide a good customer service. In this perspective, the security factor - availability plays a key factor. So the business should be ready with an effective risk management plan. The business is always answerable to their customers and clients and should have a stipulated plan in place.
Now that we have discussed the part risk management plays in the IT side of business (Service); the same plays a much more crucial role in the core business as well. For example, in a telecom industry, the core business is to provide the customers the telecom services. So the prime focus of the telecom companies would be to manage the risks related to their core business - which in this case is the telecom business. An effective risk management process which includes the risk identification, risk assessment and risk action (risk mitigation) plan should be in place. At the same time IT plays as a enabling and enhancement service for any industry. In order to ensure that the IT services are functioning without any impact to the customers, the risk management should be extended on to the IT area too. It would be pretty difficult to map the cost invested onto IT for risk management and so, on to the Return on Investment (ROI); which in fact is forcing the major non-IT businesses to invest in IT Risk management. But they should really understand the importance of the same, and should have effective risk management in place which maps their IT with the key business areas.
Comentários