Chapter 6
Step 6: Protect
Risk is like fire: If controlled it will help you; if uncontrolled it will rise up and destroy you.
—Theodore Roosevelt
Risk surrounds every business every day, from network attacks and viruses to data loss. An important part of IT's job is to manage and minimize these risks so that the company can continue to operate effectively and protect its reputation. This chapter describes the risks that an IT department must manage to protect its company's interests, along with some strategies for keeping the effect on the business minimal in the event of an IT service interruption. It also explains methods for addressing the mounting risks that come with fast-moving trends, including cloud computing, social media, and mobility.
The National Institute of Standards and Technology (NIST) developed a risk management guide for IT systems. An effective risk management process is an important component of a successful IT security program. The principal goal of an organization's risk management process should be to protect the organization and its ability to perform its mission, not just to protect its IT assets.
Therefore, the risk management process should not be treated primarily as a technical function carried out by the IT experts who operate and manage the IT system, but as an essential management function of the ...