Abstract: Today’s enterprise faces a daunting range of IT risks, from security, business malfeasance and insider threats, to those facing business-critical IT service availability, performance and integrity. In response, regulatory compliance has driven the pursuit of more effective IT governance. IT risk management has become the lynchpin of all these demands. The challenge is complex. Different groups each have their own view of risk, in a multitude of technology domains. Bringing coherence to this challenge is the goal of a more strategic approach to IT risk management. In this study, EMA takes a look at the trends and technologies defining a new initiative—Strategic IT Risk Management—where a coherent approach to developing an enterprise risk strategy is driving a more comprehensive view of governance, risk and compliance management, and shaping new ways to define and manage risks throughout IT.

Table of Contents

Executive Summary
Background and Context: The Evolution of IT Risk Management
IT Management Is Risk Management
Driving the Trend: Security and Regulatory Compliance
Converging on Goals: Risk Management as the Objective…
…with IT Governance as the Means of Control
The Rise of GRC Platforms
What Does “Strategic” Risk Management Mean in IT?
Strategic Management vs. Strategic Risk
Strategic IT Risk Management and the Scope of This Report
What Are the Challenges that Strategic IT Risk Management Is Arising to Address?
Senior Management Risk Visibility Is Often Blurred Across Silos and Through Layers
IT Operations Struggles to Rationalize Multiple Views of Criticality
Complexity and Proliferation of Technology Point Solutions
“Three P’s” Are Key: Policy, Process and Procedure
Strategic IT Risk Management Lifecycle
Strategic IT Risk Management Scope and Functionality
Qualifying the Landscape: Layers and Segments
The Four Layers of Strategic IT Risk Management
Layer 1
Layer 2
Layer 3
Layer 4
Strategic IT Risk Management Market Segmentation
IT Service, Operations and Security Management
Security Management
IT Service Management and Business Service Management
Information Management
The CMDB
“Next-Generation” Asset Management
Data Protection, Disaster Recovery and Business Continuity
Project Portfolio Management
Identity and Access Management
Configuration Audit and Control
Security Information and Event Management (SIEM)
Content Risk Management
Database Governance and Risk Management
IT Security Risk Management
Further Consolidation Likely
Policy Compliance and IT GRC Systems
Business and Financial GRC with IT Governance or IT GRC Modules
Enterprise Application Platforms and Integrators
Looking Forward: The Future of Strategic IT Risk Management
Advances in the Automation of IT Management
The Evolution of IT Risk Metrics
Increasing Relationships between IT, Business and Financial Risk Management
Business Intelligence (BI) and Enterprise Decision Management (EDM)
Modeling and Enterprise Architecture
EMA’s Perspective
Challenges Facing Strategic IT Risk Management
Lack of Maturity in IT Management
Lack of Consensus Among Stakeholders
Lack of Consensus on “Acceptable” IT Risk
Recommendations
Make the Most of Shared Opportunities
More Than Cooperation, Active Participation among Stakeholders Is Vital
Consensus Must Be Grounded in Reality
Make Room for Agility in Responding to Rapidly Changing Perceptions of Risk
Toward IT Risk Management Maturity
Related and Upcoming EMA Research
Appendix A: Indicators of Maturity in Strategic IT Risk Management
Appendix B: Definitions