Tuesday, July 7, 2009

The risks associated with business and IS/IT change

What do you think are the risks associated with business and IS/IT change?

First, what is risk? According to Steve Elky, “Risk is the potential harm that may arise from some current process or from some future event. Risk is present in every aspect of our lives and many different disciplines focus on risk as it applies to them.”

From the IT perspective, risk management is the process of understanding and responding to factors that may lead to a failure in the confidentiality, integrity or availability of an information system.

The Information System helps ensure that business systems deliver value and that the risks inherent in using technology are managed. Technology enables rapid global business growth and advancement. It is also a major source of business risk. Measuring and improving the Information System is a constant challenge. Performance must be measurable to determine that the investment in IT is properly managed, technology risks are appropriately controlled, and a baseline for improvement is established.

According to G.K. Choksi & Co., “Risks change. Priorities change. People and processes change. When that happens, your business becomes exposed—unless you have a sustainable approach to risk management.”

“Often, what is missing is an effective dialog between the corporate level and the IT function. When this is supported by an investment appraisal and performance monitoring, the organization can have a clearer understanding of the benefits IT brings to the business.”

“In addition, business events such as transactions and restructuring will change the overall IT requirement. Clients then need to reappraise management and sourcing decisions.”

The company I visited was Marco Polo Davao. Information about visitors to its website who avail themselves of the company's services is automatically collected through the standard operation of the internet servers and through the use of "cookies". "Cookies" are small text files a web site can use to recognize repeat users, facilitate the user's ongoing access to and use of the site and allow a site to track usage behavior and compile aggregate data that will allow content improvements and targeted advertising. Cookies are not programs that come onto a system and damage files. Generally, cookies work by assigning a unique number to each customer that has no meaning outside the assigning site. If visitors do not want information collected through the use of cookies, there is a simple procedure in most browsers that allows a customer to deny or accept the cookie feature; however, visitors should note that cookies may be necessary to provide customers with certain features (e.g., customized delivery of information) available on the company web site.

At its core, Marco Polo Hotels holds the following values and beliefs:

Exceptional Service - We understand that value can be created with every encounter and this is reflected in our superior standard of service.

Integrity - We are honest and straightforward in our interactions with our owners, guests, colleagues and the communities in which we operate.

Respect - We respect the objectives of our stakeholders, the values of our guests, and the cultural differences in the locations in which we operate.

Teamwork and Passion - We bring our individual expertise, creativity and passion for our industry as a Marco Polo team member. This sets us apart and is the essence of the Marco Polo Way.

Continuous Improvement - We are innovative and utilize best practices to continually improve our management techniques, and the quality of our products and services.

Based on the organization I visited, the Marco Polo Davao, I think a large company of this type is less prone to risks. But then, all organizations have limited resources, and risk can never be reduced to zero.

Security, privacy and confidentiality are the risks associated with business and IS/IT change. In today's business environment, the reputation of a business, indeed its existence, can be impacted significantly by the strength of the security, privacy and business continuity mechanisms it has in place.

Investing in the proper technology is the key to success. Remember that IS/IT, when done right, can truly add to your business by adding to the productivity and efficiency of day-to-day operations, and can help you take on more clients and, overall, help you build your business. For me, it is important to manage risk in a business or organization to protect the mission and assets of the company. Also, decision-making is a big part of a company because it may result in inappropriate investments in, or poor implementations of, new systems.

In summary, successful and effective risk management is the basis of successful and effective IT security. Due to the reality of limited resources and nearly unlimited threats, a reasonable decision must be made concerning the allocation of resources to protect systems. Risk management practices allow the organization to protect information and business processes commensurate with their value. To ensure the maximum value of risk management, it must be consistent and repeatable. Establishing and utilizing an effective, high-quality risk management process and basing the information security activities of the organization on this process will lead to an effective information security program in the organization.

References:

http://www.gkcco.com/information-system-audit-india/risk-management-auditing-india.htm


http://docs.google.com/gview?a=v&q=cache:SQWRAGanyTIJ:www.sans.org/reading_room/whitepapers/auditing/an_introduction_to_information_system_risk_management_1204%3Fshow%3D1204.php%26cat%3Dauditing+risk+in+information+technology,+busine
