{"id":28630,"date":"2020-02-18T13:05:59","date_gmt":"2020-02-18T18:05:59","guid":{"rendered":"https:\/\/centricconsulting.com\/?p=28630"},"modified":"2021-12-15T00:17:16","modified_gmt":"2021-12-15T05:17:16","slug":"assessing-your-it-risk-profile","status":"publish","type":"post","link":"https:\/\/centricconsulting.com\/blog\/assessing-your-it-risk-profile\/","title":{"rendered":"Assessing Your IT Risk Profile"},"content":{"rendered":"
Part of a series.<\/a><\/em><\/p>\n For most people, risk is a part of life. Sometimes taking risks can even yield big rewards, whether it\u2019s buying a new stock or deciding to change jobs to pursue your dreams.<\/p>\n But for those of us who work in IT, taking risks rarely yields rewards. In fact, it can be disastrous. Consider security breaches that expose customers\u2019 private information, or data loss that cripples your processes, or hardware failures that bring your factory floor to a standstill. Application failures can cause frustration at best, and massive financial losses at worst.<\/p>\n The good news is, you can manage IT risk\u2014but first, you have to understand various risk factors: the kinds<\/strong> of risk you face, how likely<\/strong> each is to occur, the impact<\/strong> of each, how quickly<\/strong> it could happen, and how long<\/strong> it might take to recover.<\/p>\n Conducting this analysis is a simple, three-step process:<\/p>\n Chances are, when you ask your SMEs to evaluate risk, they won\u2019t know where to begin. Help them out by providing a set of questions to help contextualize risk, such as:<\/p>\n With the various risks listed, assign point values for each based on measures such as Likelihood, Impact, Velocity and Persistence. In the example grid below, measures ranked \u201clow,\u201d equal two points, \u201cmedium,\u201d four points and \u201chigh,\u201d six points. Simply add the points together to identify the greatest risks.<\/p>\n Continuing with this example, it\u2019s clear that defending against a data breach is the top priority. Building a floodwall? Not so much. But that doesn\u2019t mean you shouldn\u2019t be prepared for that risk\u2014it just means it\u2019s a lower priority as your start to implement your risk-management assessment.<\/strong><\/p>\n Obviously, your goal is to eliminate as many risks as possible. But let\u2019s be honest, life happens. So, part of your assessment should include deciding how to evaluate impact if worse comes to worse. The scale might look something like this:<\/p>\n Because the only thing as constant in life as risk is change, make sure you periodically repeat this process\u2014say, once a quarter\u2014to make sure that you are taking shifting risks and business priorities into account.<\/p>\n","protected":false},"excerpt":{"rendered":" IT risk is not a thrilling type of uncertainty. And risk gone wrong is disastrous. Here are three steps to analyze and manage your company’s IT risk.<\/p>\n","protected":false},"author":267,"featured_media":28631,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_oasis_is_in_workflow":0,"_oasis_original":0,"_oasis_task_priority":"","_relevanssi_hide_post":"","_relevanssi_hide_content":"","_relevanssi_pin_for_all":"","_relevanssi_pin_keywords":"","_relevanssi_unpin_keywords":"","_relevanssi_related_keywords":"","_relevanssi_related_include_ids":"","_relevanssi_related_exclude_ids":"","_relevanssi_related_no_append":"","_relevanssi_related_not_related":"","_relevanssi_related_posts":"","_relevanssi_noindex_reason":"","footnotes":""},"categories":[1],"tags":[19108],"coauthors":[16677,16678],"class_list":["post-28630","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized","tag-it-strategy","resource-categories-blogs","orbitmedia_post_topic-it-strategy"],"acf":[],"publishpress_future_action":{"enabled":false,"date":"2024-09-16 12:46:33","action":"change-status","newStatus":"draft","terms":[],"taxonomy":"category"},"_links":{"self":[{"href":"https:\/\/centricconsulting.com\/wp-json\/wp\/v2\/posts\/28630"}],"collection":[{"href":"https:\/\/centricconsulting.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/centricconsulting.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/centricconsulting.com\/wp-json\/wp\/v2\/users\/267"}],"replies":[{"embeddable":true,"href":"https:\/\/centricconsulting.com\/wp-json\/wp\/v2\/comments?post=28630"}],"version-history":[{"count":0,"href":"https:\/\/centricconsulting.com\/wp-json\/wp\/v2\/posts\/28630\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/centricconsulting.com\/wp-json\/wp\/v2\/media\/28631"}],"wp:attachment":[{"href":"https:\/\/centricconsulting.com\/wp-json\/wp\/v2\/media?parent=28630"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/centricconsulting.com\/wp-json\/wp\/v2\/categories?post=28630"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/centricconsulting.com\/wp-json\/wp\/v2\/tags?post=28630"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/centricconsulting.com\/wp-json\/wp\/v2\/coauthors?post=28630"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}\n
Step 1: Talk to Your People<\/h2>\n
\n
Step 2: Quantify the Risk<\/h2>\n
<\/a><\/h3>\n
Step 3: Put Your Data to Work<\/h2>\n
\n
Finally<\/h2>\n