Inappropriate IT Decisions Leads to Security Dangers

Gartner analysts claimed that many enterprises have not adjusted their business processes to make appropriate IT decisions and manage security risks leading them to tread on paths fraught with danger.

According to the analysts, since businesses increasingly rely on the effective running of IT tools and solutions, repercussions for them become bigger when the IT fails. The extent of such results is so great that IT risk cannot any longer be considered the only responsibility of IT unit.

While speaking at Gartner's IT Security Summit in London, Gartner VP Richard Hunter said that IT threat had transformed, and that incidents harm areas both inside and outside the organizations. They destroy good name of corporate while exposing management weaknesses. In particular, inability to control IT risk leads to the dampening of a company's competence. COMPUTERWORLDUK reported this on September 18, 2007.

Hunter has co-authored the book titled "IT Risk: Turning Business Threats into Competitive Advantage" jointly with George Westerman, research scientist with the Center for Information Systems Research at MIT Sloan School of Management.

Gartner has identified four important areas where weak risk management could potentially affect them: the accessibility of IT processes and systems; control on use of IT systems; the correctness of data drawn from IT systems; and, the flexibility of IT systems to adjust quickly after product launches or company acquisitions.

Although it is virtually impossible to eradicate IT risk, a possible exchange between risk and return were required, said Hunter. However, companies should not depend entirely on IT departments to deal with these risks, he added. Organizations must understand IT risk to the extent it could affect IT-enabled company objectives.

According to Hunter, a company needs to assess if its business processes and IT systems will be able to run as before should a technology failure occur, and if its systems could recuperate from interruptions. Companies also need to know if the right persons could access the data while the wrong individuals are debarred from it. Moreover, companies need to have strong assets - people, IT, and supporting controls and procedures to help in the right management of risks in a right order.

Related article: Impersonated ImageShack Site Delivering Trojan

» SPAMfighter News - 10/5/2007