Beating IT Risks

274

Index

hazard and operability analysis 32
health metaphors 33, 34
Hoechst 42
Horizon 244
human–computer interface problems 187–8
human resource management 248
ICL 153
identification
    of distressed projects 78
    of project risks 97–100
identity theft 244
IEEE standards 96
impacting organization 85–7
industry-wide risk context factors 118
information assets 12–13, 50
    access 126–7
    asset categories and control 143–4
    availability 127
    case study 150–1
    computer and network management 144–6
    degraded, impacts of 129–32
    exploitation, impact of 127–9
    impacts 111
    management implementation 138–48
    policies 141–2
    record keeping 143
    risk assessment 142
    roles and responsibilities 143
    security 132–8
    system access control 146–8
information security management 13, 126
    standards 138
    staff behaviour 139
        policy confirmation 141
information technology capability, influence on business capability 230–2
Information Technology Infrastructure Library (ITIL) 120, 180, 214, 215
infrastructure 15–16
    centralized computing 207–8
    data networks 209–11
    distributed computing 208–9
    evolving risks 212–14
    facilities 206
    failure 51–2, 206–12
    industry-specific risks and 211–12
    market dynamics 212–13
    migration of IT applications into 212
    timing 213
    transformation, de-risking 216–17
    utility model 213–14
    voice networks 211
in-house service delivery 161–2
insider abuse 133
instant messaging 33
insurance 29
integrity 126, 132, 134
    loss of 130–1
intellectual property 137, 184, 196
interdependency 88
International Standards Organization (ISO) 13, 47
    quality software model 96
    standard 17799 120, 139
    standards 96
Internet addiction 59
intrusion detection 144
investment lifecycle 25, 26
investment traps 26
investor perspective 24–7
isolation 59
issue forums 37
key performance indicators 228
Knowledge Capital 126
knowledge management systems 33, 229
legacy systems 16
legal function 249–50
legal impact 58
legalistic approaches to governance 22
Libra project 153
licence revenue 137
life scientist perspective 33
lifecycle approach to managing IT risk applications 198–201
    concept and feasibility 199
    implementation 200
    maintaining and evolving systems 201
    requirements and solution architecture 198
    retirement and decommissioning 201


    solution build, acquisition and integration 200
    strategy, architecture and planning 198
    testing 200
like for like option 94
London Stock Exchange 107
    Taurus project 2, 97
lost benefit risk 73
Love Bug virus 197
management responses to project 98–9
Marine Information for Safety and Law Enforcement (MISLE) system 71
market risk 17
maximum tolerable outage (MTO) 109, 141, 185, 206
merger & acquisition 191
methods and standards, delivery assurance and 96–7
multiple concurrent IT projects 79
Mydoom 107
National Air Traffic Services (NATS) 183
National Australia Bank 242, 244
National Bank of New Zealand 205
natural disasters 135
natural systems perspective 33
New Basel Capital Accord 241–2, 243
Next Generation Switching 205
offshore sourcing 177–8
open-book accounting 160–1
open-source software support 178–9
opportunity cost 131–2
ordinary failures 76
organization impact as risk factor 83
organization-specific risk context factors 119
organizational learning 64, 78
organizational views of risk 78–82
outputs and deliverables 95
outsourcing 3, 5, 14, 29, 56
    agreement 117
over-enhancing, risk of 93
overheads 79
PABX 211
partial failure 74
partner risk 5
password control 147
patents 13, 137
penetration testing 134
people
    delivery assurance and 95–6
    selection and allocation 80
personal security 140–1
phishing 133
physical security 140, 250
piecemeal approach to risk management 5, 65
planning 80, 113–17, 198
    business continuity 42, 141
    disaster recovery (DR) 42, 47, 110
    enterprise resource (ERP) 95, 228
    service continuity 109
points of dependency 79
police service disaster avoidance–disaster recovery strategy 123–4
portfolio approach 7
post-implementation phase 102
post-implementation review (PIR) activities 79
PRINCE2 96
probability 4
process engineering approach 32
program views of risk 78–82
project complexity as risk factor 83
project culture 78
project failure 49–50
    impact of 73–7
project management 80
project risk 49–50, 54–5
    assessment 5
    degree of difficulty 88–9
    factors, misinterpreted 89–92
    management 10–11
Project Risk Exposure 88
project size as risk factor 83
project triage analogy 98–9
project views of risk 78–82
prototyping 85
public switched telephony service (PSTN) 211
Qantas 207
qualitative analysis techniques 64, 239


quality
    assurance 86–7
    failure 49
    gap 75
    service provider failure and 156
quantitative risk analysis 29, 64, 239
real options theory 25
recovery 120, 121
    capability 110
    routines 17
    strategy, specific 119
recovery time objective (RTO) 43
regulatory approaches to governance 22
regulatory impact 58
repair cost 131
reputation 10, 18, 58
requirements and architecture phase 100
research and development 85
residual risk 47
resilience 110, 119, 120, 121
return on investment 3
Rhone-Poulenc 42
‘right now’ benefits 121
risk and reward 29
risk aversion 82
risk-based management, supporting with IT 245–8
risk classes 49–52
    applications and infrastructure risk relationships 56–7
    project risk 49–50, 54–5
    relationships between 53–7
    service provider and vendor risk relationships 55–6
    strategic and emergent risk 52, 53–4
risk exposure, concept of 84
risk leverage 61
risk management capability 60–6
    implementation and improvement 64–5
    people and performance 64
    processes and approach 62–4
    roles and responsibilities 61–2
    strategy and policy 60–1
risk management lifecycle 62
risk management of information systems (RMIS) 17
risk management profile 84
risk management responsibilities 62, 63
risk management standards 6
risk portfolio 9–18, 45–69
    managing like other business risks 46–8
    need for 46
    portfolio of risks 48–9
    risk impact 57–9
RiskIT 96
risk-reward 4, 7, 9
RMIT 183
roles and responsibilities for risk management 239–40
root access privileges 147
root-cause analysis 163
Royal Automobile Club of Victoria 171
Sarbanes-Oxley Act (USA) 135
SCO Group 107
scope, failure in 49
security 132–40
seed funding 85, 87
SEI Capability Maturity Model 28
service continuity 50
    budget setting 117–18
    buy-in and appetite 120
    designed-in 119
    implementation 117–21
    performance indicators 120–1
    planning 109
    risk context 118–19
service delivery in-house 161–2
service failures 109–13
service level agreements (SLAs) 170
service performance 109–10
service provider failure 154–63
    difficulty integrating services 159–60
    failure to deliver project services 156–7
    failure to meet other contract or relationship requirements 156
    failure to meet service levels for an operational service 155
    failure to stay in business 157–8
    finger-pointing rather than accountability 158
    inflexibility 159
    lack of control 161


    one-horse races rather than contestability 158–9
    poor value for money 159
    poor visibility 160–1
    transition risks 160
    unfulfilled transformation objectives 160
service provider risk, managing 165–74
    ability to change 171
    evaluation 168
    lower risks 172–4
    management 169
    negotiation 168–9
    pre-negotiation 167
    review/termination/renewal 169–70
    rights and responsibilities 170
    risk-effective contracting 170–2
    service level agreements (SLAs) 170
    sourcing strategy 166–7
    terms and conditions 171–2
    transition 169
service providers and vendors 13–14, 50–1, 55–6
service providers, multiple
    align technology strategies with sourcing strategies 176
    clusters of IT services 174–6
    link processes end-to-end 176
service provision, new and emerging risks 176–9
services 11–12, 107–24
shared resource base 79
shared services, in-house/external 162
shareholder value 227–9
significance of portfolio 9
size, failure and 84–5
skills and experience 90
Softbank BB Corp 148
software
    assets and liabilities 195–8
    errors 134
    licenses 196–7
    project failures 25
    unwanted and unwelcome 197–8
spam prevention 144
stability of requirements 89–90
standardization 16
step-in rights 171
storage virtualization 214
strategic and emergent risks 16–17, 52, 53–4
strategic failure 3
    diversity vs standardization 224
    graceful degradation 222–3
    sabre-rattling 226
    strategic importance of IT 224–5
    sustainability 225–6
strategy and planning 249
Structured Systems Analysis and Design Methodology (SSADM) 10, 92, 96
superuser 147
supplier or partner IT failure 135
surprises and reactivity 5, 65
surveillance 246–7
SWIFT 119, 153
system access control 146–8
    authentication 147
    identification 147
    least privilege 146
    system time-out 147
systems development and maintenance 148
system failures
    managing 111–12
    in project delivery 76–7
systems enabling organizations 228–9
Tampere Convention for telecommunications 117
team efforts, where to focus 240
team skills and capability 83
technical risk 5
technology 87
    number and types 90–2
    risk and 83
telephone messaging 33
termination-for-cause provisions 171
termination-for-convenience provisions 171
testing, acceptance and implementation phase of project 101–2
third party risks 14
time 213
    failure 49, 74–5
    service provider failure and 156
tracking 81
    decision-making and 81–2


trademarks 137
trust 22, 140
underperformance 66
understanding IT project risk factors 82–95
Unified Process methodology 92, 96
uninterruptible power supplies (UPS) 108
Unisys 171
upgrade and replacement 93–5
US Navy desktop fleet 205
user error 134
utility failure 134
utility model 213–14
V model 95
value chain 50–1, 153
vapourware 165
vendor failure, dimensions of 163–5
    aggressive upgrade cycles 164
    failure to support product 163–4
    functional gaps 164
    proprietary solution lock-in 165
    unfulfilled promises 165
vendor risk relationships 55–6
Virgin Blue 207–8
viruses 133, 144, 197–8
VIS 71
voice networks 211
water company case study 203–4
Web services 214
Westfield Corporation 227
whistle-blowing 5, 64
World Health Organization 206, 236
worst case scenario 57
Yahoo 227