Technology risk management is the direction and control of an organization to manage technology risk. This includes a standard risk management process of identifying and treating risk. Technology risk management also involves oversight of technology development and operations in areas such as information security, reliability engineering and service management. The following are common elements of technology risk management.
Technology Governance
The board of directors and senior management of an organization are accountable for technology risk and are expected to direct and monitor risk management efforts.
Risk Management Framework
Implementing structures, roles & responsibilities, practices and processes for controlling technology risk.
The continuous process of identifying technology risks.
Developing an understanding of the context, impact and probability of each identified risk.
Developing and implementing treatments for identified risks. Common treatments include risk avoidance, mitigation, transfer, sharing and acceptance.
Monitoring and reporting of risk.
Service Management Framework
The structures, processes and tools for operating technology services.
Handling failures that occur. A tactical process that seeks to quickly minimize impact.
The process of identifying and addressing the root cause of failures. A strategic process that learns from failure to drive improvement.
Controlling change to technology environments.
Configuration Management
Ensuring that changes to technology are traceable.
The process of efficiently scaling technology to meet business demands.
Control of technology assets including financial, contractual and lifecycle considerations.
Lifecycle Management
Identifying and managing risks related to aging technologies and equipment. For example, planning to replace software that is no longer supported by its vendor.
Tracking and implementing patches, particularly security patches.
Identity & Access Management
Secure processes for granting access to technology and information resources, including appropriate separation of concerns.
The defense of information and information systems from unauthorized access, use, disclosure, modification or disruption. Includes system security, data loss prevention, technology infrastructure security and network security.
Physical Security
Physically securing information resources and related facilities such as offices and data centers.
Security Monitoring
Security monitoring of platforms, hosts, networks, systems, applications and databases. Large organizations may have a dedicated information security operations center for this purpose.
Defensive Computing
Training all employees to be aware of defensive computing practices.
Customer Protection
Extending your security efforts to customers. For example, helping customers to secure clients such as web browsers that are used to access your services.
Outsourcing Management
Managing technology risks related to external partners. This includes due diligence in selecting partners and monitoring their performance.
Controlled planning and execution of technology projects.
IT Standards
Developing and operating technology resources according to standard policies and practices such as secure coding guidelines.
Security Requirements
Developing and implementing security requirements for technology projects.
Code reviews and security testing including penetration tests.
Adequate encryption of sensitive information in transit, use and storage.
Key Management
The process of securing encryption keys.
Designing platforms, systems, applications, infrastructure and facilities for resilience.
Ensuring that technology operations and events are recorded with sufficient detail to be reconstructed for the purposes of investigation and audit.
Secure and resilient processes for backing up data.
IT Audit
Periodic or ongoing evaluations of technology controls.
© 2010-2023 Simplicable. All Rights Reserved. Reproduction of materials found on this site, in any form, without explicit permission is prohibited.