This is the final part of our 4-part series on application-based risk management. In part 1, we learned how to prepare a detailed listing of all applications as preparation for setting the scope of the risk assessment. Part 2 covered prioritizing applications for risk protection and mitigation. Part 3 discussed assessing the risks to applications to be able to suggest and evaluate possible mitigations. Part 4 will demonstrate how Alfabet – for enterprise architecture and IT portfolio management - can be used for effective and efficient risk management.
Efficient IT risk management with Alfabet
As IT tries to keep pace with the acceleration of the business environment, IT managers must find that delicate balance between performance and risk. They need greater insight into their organization’s risk exposure to be able to understand what IT systems carry risk, what the implications of the risk are, and what kind of mitigation measures are needed. Every company in every industry will have some risk management process in place. But what they need to be asking themselves is: Are the processes and tools we are using really helping to identify all the risks the company is facing? Because in IT risk management it’s clear: What you don’t know WILL hurt you. A risk management program needs to ensure that:
- ALL IT assets are being considered
- “Invisible” assets relating to risk-loaded assets are identified
- Risk surveys are executed time- and cost-efficiently
- Resources for assessing risks and mitigation efforts are only used on assets that are truly critical
- Mitigation plans are actionable, effective and published
- Decisions to accept certain risks are communicated to senior management
- Risk management processes are repeatable and sustainable
Alfabet puts a best-practice methodology into your hands that will improve your company’s risk posture by identifying:
- Which projects and applications are risk-relevant
- What risks these projects and applications pose
- Which vulnerabilities against threats applications could be exposed to
- How risks can be effectively mitigated
- Which mitigations have not been implemented
Alfabet’s proven technology platform enables you to:
- Capture the assets to be evaluated
- Understand the structure and relationships of the assets
- Employ collaboration technology to ensure timely survey participation
- Automatically translate survey results into risk-relevance values
- Associate known threats to applications to expose vulnerabilities
- Create reports for easy understanding and communication of the risk portfolio
- Know when, where and how to start mitigation
Using Alfabet for a sustainable IT risk management program will reduce the chance of risk event loss and provide a basis for a cost-effective and sustainable risk management program.
This article is part of the TECHniques newsletter blog - technical tips and tricks for the Software AG community. Subscribe to receive our quarterly updates or read the latest issue.