May 6, 2007 1:49 PM
Why and how risk management?
Risk is the possibility of harm, loss or danger. Risk can arise from unforeseen circumstances or from known threats. While concrete measures can be taken to avoid risks from known threats, only precautions can be taken against unforeseen circumstances. Security in all aspects of life is part of risk management. While there is a lot of emphasis on IT security, it is risk management that must be the focus.
Why risk management?
Risk management is necessary to avoid loss of revenue. To that end, plans and procedures are implemented to ensure business continuity, contingency planning and recovery procedures. Just as knowledge management is for operational excellence and information management is for operational efficiency, risk management is for business excellence and efficiency.
How risk management?
As mentioned in ISO/IEC 17799, risk management consists of risk assessment, risk mitigation and risk treatment. Risk assessment is the identification of the security threat, the cost of loss and the probability of the risk. Risk mitigation is preventative: it reduces the effect of a risk by providing protection from the security threat and by reducing the risk probability, so as to minimize the loss. Risk treatment is contingency planning to control the aftereffects and to recover when a risk event occurs.
GARP is a global association that provides training for certified Financial Risk Managers. Due to the uncontrolled collection of personal and context data for advanced IT services, the risk to information security has increased manyfold. To control and protect consumer rights, governments now enforce the law by requiring regulatory compliance. While these regulations can audit and measure compliance and risk assessment for the customer interface, risk management is a process that must be integrated with the Product/Software Development Life Cycle (PDLC/SDLC) processes. Usability procedures such as heuristic evaluation, cognitive walkthrough and peer review can be used for risk management.


