Step 6: Protect
Risk is like fire: If controlled it will help you; if uncontrolled it will rise up and destroy you.
Risk surrounds every business every day—from network attacks and viruses to data loss. An important part of IT's job is to manage and minimize these risks so that the company can continue to operate effectively and protect its reputation. This chapter describes the risks that an IT department must manage to protect its company's interests and some strategies to ensure minimal effect on the business in the event of an IT service interruption. It also explains the methods for addressing the mounting risks with fast-moving trends, including cloud computing, social media, and mobility.
The National Institute of Standards and Technology (NIST) developed a risk management guide for IT systems. An effective risk management process is an important component of a successful IT security program. The principal goal of an organization's risk management process should be to protect the organization and its ability to perform its mission, not just to protect its IT assets.
Therefore, the risk management process should not be treated primarily as a technical function carried out by the IT experts who operate and manage the IT system, but as an essential management function of the ...