Risk Management In Information Technology Projects


An understanding of risk and the application of risk assessment methodology is essential to being able to efficiently and effectively create a secure computing environment. Unfortunately, this is still a challenging area for information professionals due to the rate of change in technology, the relatively recent advent and explosive growth of the Internet, and perhaps the prevalence of the attitude (or reality) that assessing risk and identifying return on investment is simply too hard to do.

Research Objectives

The purpose of this study is to provide a better understanding of risks related to IT projects. It explains to the reader how to identify risks and their impact on IT projects.

Risk Management

Risk is the potential harm that may arise from some current process or from some future event. Risk is present in every aspect of our lives and many different disciplines focus on risk as it applies to them. From the IT security perspective, risk management is the process of understanding and responding to factors that may lead to a failure in the confidentiality, integrity or availability of an information system. IT security risk is the harm to a process or the related information resulting from some purposeful or accidental event that negatively impacts the process or the related information.

Advantages of risk management in IT-projects

Mitigation is the most commonly considered risk management strategy. Mitigation involves fixing the flaw or providing some type of compensatory control to reduce the likelihood or impact associated with the flaw. A common mitigation for a technical security flaw is to install a patch provided by the vendor. Sometimes the process of determining mitigation strategies is called control analysis. Risk must also be communicated. Once risk is understood, risks and risk management strategies must be clearly communicated to organizational management in terms it can easily understand. Managers are used to managing risk; they do it every day.

Disadvantages of risk management in IT-projects

A vulnerability is a flaw or weakness in system security procedures, design, implementation, or internal controls that could be exercised (accidentally triggered or intentionally exploited) and result in a security breach or a violation of the system's security policy. Notice that the vulnerability can be a flaw or weakness in any aspect of the system. Vulnerabilities are not merely flaws in the technical protections provided by the system. Significant vulnerabilities are often contained in the standard operating procedures that systems administrators perform, in the process that the help desk uses to reset passwords, or in inadequate log review. Another area where vulnerabilities may be identified is at the policy level. For instance, a lack of a clearly defined security testing policy may be directly responsible for the lack of vulnerability scanning.


Research Design

In a qualitative risk assessment, it is best not to use numbers when assessing risk. Managers, especially the senior level managers that make decisions concerning resource allocation, often assume more accuracy than is actually conveyed when reviewing a risk ...