First seek to manage IT risks like other business risks
A portfolio approach to managing IT risks spans the collection of all of the different
classes of IT risk. You would first want to apply accepted business risk management
practices consistently across these different classes of IT risk. At the risk of
oversimplifying,[12] we summarize below the key points of the Australian / New
Zealand Risk Management Standard (AS/NZS 4360) currently being considered
by the International Standards Organization (ISO) for international adoption
(AS/NZS, 1999).
[12] We agree with Charette (1996) that the mechanics of managing IT risk are far from
merely mechanical.
The initial step is for risks to be identified and classified, with an assessment
of the likelihood or probability of occurrence and a consideration of the potential
for impact on the business.
Having identified the risks, you then have to work out what should be done.
Various actions are possible: to act to avoid or prevent the risk from occurring;
to act to lower the likelihood of it occurring; or to act to prepare to minimize
the potential impact should defined risk events occur. In some cases there is a
possibility of transferring the risk, although in general it is not possible to obtain
insurance coverage for most classes of IT risks so this will typically be attempted
through contracting with third parties such as IT outsourcing providers.
Usually the IT risk management actions will involve a number of people and
will need to be coordinated, with some form of management plan required to
guide this activity.
There may be a focus on planning business actions as well as IT actions. For
example, you may eschew a traditional disaster recovery plan with a standby
second data centre site. In its place you may invest in achieving readiness for IT
service outage events, building the capability to stem the losses and to enable a
rapid recovery to an alternative mode of operation.
Alternatively, you may determine that a passive approach is preferable and
that the level of risk in a particular case is tolerable. In this case only the monitoring
and review actions need to be assigned so that if a change occurs in the
nature of the risk, its probability or potential impact, it will be identified and
reported to you.
Ultimately all risk management plans should perhaps trend towards this
passive or maintenance approach, where no further risk management actions
are warranted. Continuing to do what we are doing today reduces risk over
time. Eventually the residual risk – net remaining risk after considering the
effect of management controls – arrives at a tolerable level. At this stage of
maturity, you will be focused on exceptions, emerging risks and changes to the
portfolio.
Information about your portfolio of IT risks needs to be maintained over time
and be designed to yield clear answers to questions such as: ‘What are the top IT
risks, how are these risks being managed and who is managing them?’
It should also be possible to determine the cost and effort associated with
the risk management actions that are planned and to ensure adequate funding
provisions exist. Most importantly it should be possible to determine that your
most significant risks are receiving the most effort and attention.
It is worth stressing that only with an integrated, business-oriented IT risk
management approach is it possible to undertake sensible trade-offs, across the
IT risk portfolio and across other business risk areas.
The residual risks being carried by your organization should be stated and
understood. While unplanned and unexpected loss events can occur, as this is
the very essence of risk, the key is to ensure these possible loss events are
acceptable and aligned with the organization’s risk appetite.