Picture this. It’s late 2006, we’re on the verge of the 2008 economic collapse in the United States, and an investment bank makes a strategic move. Their data models show unexpected losses for two weeks, and a decision is made to hedge their subprime portfolio. Other investment banks don’t take the same type of actions to limit their exposure, the markets nosedive, and within two years they’re out of business.
Risk management. Critically important in this example from the financial world, as Tom Stanton described in his TEDx Talk
, as well as in the fabric of your IT infrastructure.
In this blog, we’ll start with the basics of IT risk management, and then we’ll cover several best practices for implementing a solid strategy to help protect your organization.
What Is Risk Management?
Risk management is a systematic approach to understanding, evaluating, and addressing risks to help reach organizational goals.
When discussing best practices, it’s helpful to have a basic understanding of risks in relation to other terms you may be familiar with in IT Service Management (ITSM)
. I find myself referring to the equation below often in the ITSM world, since it explains risks in relation to assets:
Assets + Threats + Vulnerabilities = Risks
A Simple Example in IT Service Management
As a very basic example of what a risk is, let’s say an employee is missing antivirus software on their laptop, which represents the asset in this case. The vulnerability that exists is the unprotected laptop, which could become infected with malware if the employee opens the wrong email or file. The threat here is simply the potential that something (like an opened file or link click) could occur in the future.
So, a risk in this context simply means there’s an asset with a vulnerability with the potential
to become exploited if an unexpected action (threat) actually happens.
As it relates to IT, think of risks as any unexpected potential for loss, destruction, or damage that could impact objectives your team has planned for the year.
Even though risk management is not defined as an ITIL practice, it’s helpful to understand how to handle and think about risks in the ITSM world.
Why Risk Management Is Important to IT
With technology constantly changing, protecting your company’s IT infrastructure is more important than ever. As new software hits the tech scene, it’s important to understand how to manage and detect risks
associated with all the technology your company has deployed and may be managing.
Mitigating risks is also key for staying in compliance and is an ongoing process to ensure your company’s IT infrastructure is protected.
While protecting your company’s assets is a key reason behind implementing a risk management strategy, making sure you have the software and expertise is equally as important.
Explore how you can begin limiting risk by rolling out a fully scalable IT asset lifecycle management solution