Google

Sunday, September 10, 2006

IT Risks

IT risks and circumstances or conditions giving rise to each risk :-


Infrastructure
Organization does not have an effective IT infrastructure (e.g. hardware, software, network, people and processes) to effectively support the current and future needs of the business in an efficient, cost-effective and well-controlled fashion.

The risks are generally considered within the following core IT processes:

  • Organizational planning
  • Application system definition and deployment
  • Logical security and security administration
  • Computer and network operations
  • Data and database management
  • Business/data center recovery

Access

Failure to adequately restrict access to information (data or programmes, in any form), which may result in, unauthorized knowledge and use of confidential information. Access risk can occur at any, or all of the following 5 levels i.e. network, processing environment, application system, functional access (within an application), field level access (within a function)

Integrity

Inaccuracy and incompleteness of transactions entered into, processed by, or reported by the various application systems deployed. The risk may occur due to improper segregation of duties, inadequate preventive and detective data controls e.g. balancing, reconciliation controls, error processing, interface, change management, data.

Relevance

Irrelevant information created or summarized by an application system, which may adversely affect decisions of the users. The risks relates to the usability and timeliness of information collected, maintained or distributed.

Availability
  • Unavailability of important information when needed threatens the continuity of the organization’s critical operations and processes.
  • Availability risk focuses on 3 different levels of risk:
  • Risks that can be avoided by monitoring performance and proactively addressing system issues before a problem occurs
  • Risks associated with short-term disruptions to systems where restore/recovery techniques can be used to minimize the extent of a disruption
  • Risks associated with disaster that cause longer term disruptions in information processing and which focus on controls such as backups and contingency planning

Labels:

posted by man at 7:26 PM

technorati tags:

0 Comments:

Post a Comment

<< Home