IT Risk Management is the process of managing risk in data, i.e: protecting data against loss, theft or misuse. IT Risk Management includes Data security and confidentiality: ensuring the safe-keeping of personal information that can be used by third parties without authorization. Security of system configurations: ensuring that the configuration of your system is appropriate for the operating system of your organisation;
IITM is the process of Security of Information Technology (STIX): protecting your information, system and network from the dangers of security breaches; Data integrity, confidentiality and availability: ensuring that your data can be reliably retrieved even if your system fails, and is not subject to unauthorized access, tampering or modification. System management: maintaining system health and reliability by regularly monitoring, testing and reporting on system performance;
ITIL is the process of System administration: implementing and maintaining systems within your organisation; Business process integration: integrating business process models into the architecture of the information technology (IT) system to provide a complete solution that minimizes risk; Data security and confidentiality: protecting your business information from unauthorized access, theft or misuse;
IITM involves Software architecture: creating, implementing and designing a software system to help your business meet its strategic goals. Functional requirements: creating a software system to fulfil a need in your organisation. Designing the architecture: designing and implementing a software system to meet operational requirements. Documentation: providing technical support to customers.
As the software architecture is developed, implemented and maintained, it becomes an important part of IITM. This phase involves Software maintenance: maintaining a complete software system for a period of time, usually at least three years.
IITM also includes Monitoring: assessing the performance of the software systems that are required to ensure that they meet your needs, and are reliable. Maintenance and upgrade: maintaining software systems as and when required.
It is a vital component of IITM and an essential component of the overall IT Risk Management strategy. When you have taken steps towards IITM, you must be able to monitor, manage and control the risks to your business, so that they do not cause any problems or damage.
The basic activities that are involved in IITM include: Designing and developing a software application to solve a problem. Testing: evaluating a new application. Maintenance: regularly testing and updating your software applications to maintain their performance. Upgrading: upgrading your software system to meet your company’s unique requirements.
While it is possible to implement these activities on your own, it is often better to leave the decision up to an outside firm to perform these activities. To effectively reduce the risk to your organisation, you should use a professional service provider who can perform all these activities as part of your internal or external IT Risk Management Strategy.