How much time every day do you spend thinking about risk? No matter what your answer was, I’m willing to bet that you are not spending enough time on this important subject. Every IT manager knows that there are risks all around us each and every day. In fact, the number of risks that your IT team is facing is probably growing every day. The big question that you need the IT manager skills to answer is: what should you be doing about this?
5 Things That An IT Manager Needs To Know About Risk Management
When starting to think about how you want to deal with all of the risks that your IT team is facing, things can become overwhelming very quickly because none of us have had IT manager training that taught us how to deal with this issue. What you need to do is to take the time to prioritize how you are going to be spending your time. Here are 5 things that you are going to have to know about how to most effectively tackle your risk issues:
- Start With What You Know: Of course every IT manager should start out by making sure that the key risk areas that their IT team is facing are covered. Key areas to be covered include making sure that your team won’t experience any data breaches. Once you’ve got this all taken care of, it’s time to look beyond just your team and take a look at the entire IT department. Take the time to understand how the IT department is using all of the data that is gathered and see if other IT teams are exposing themselves to risk as they use what you’ve given them.
- Don’t Get Caught Up In Compliance: It can be all too easy for an IT manager to become focused on a given compliance project (HIPAA, Sarbanes-Oxley, etc.) and be left with the false sense that they’ve got their risk under control. These programs can help you manage your risk, but they don’t do it all. What you want to do is to stay ahead of the risks that your company is going to be facing, and if you are just spending your time trying to be compliant, then you’re going to end up falling behind.
- Look On The Bright Side: With all of the other projects that an IT manager has on his or her plate, risk management may not be the one that you really want to spend much of your time working on. However, you need to realize that this type of program will provide you with an opportunity to learn more about the IT department’s overall business processes and how it uses its data. Having a good understanding of this should only help to further your career.
- It’s All Been Done Before: The good news about setting up a risk management program for your IT team is that you are not the first IT manager to do this. It turns out that there are a number of different “cheat sheets” that you can use to get your program off the ground. These include ISO 31000 and ISACA’s Risk-IT. However, as with all such templates, you need to keep in mind that these were not created with an understanding of your particular IT team’s needs. You’re going to have to take the time to find out how to modify them to fit the way that your company operates.
- Know Who You Are Up Against: Every risk program has to start with you sitting down and spending some time thinking about just exactly who you are trying to protect your team from. Yes, there is the usual list of external suspects: the hackers and others who are trying to get their hands on your team’s most valuable secrets via social engineering or other methods. However, you also have to keep in mind that your greatest threats may be coming from other members of your company. These are the ones who are already on the inside and who may be able to do the most harm in the least amount of time.
What All Of This Means For You
IT managers may think that they have a more important job to do besides risk management for their IT team (such as IT team building), but I wouldn’t know what it would be. One of the biggest challenges that IT managers face when trying to create a risk management program is that it can be confusing as to just exactly where they should start.
In order to get your risk management efforts off to a good start, there are 5 things that you need to do. You need to start the program by securing your IT team and then following the data into other IT teams and making sure that they are secure also. Realize that compliance programs are good, but they are not enough. View creating a compliance program as a true career opportunity for you. Everything has been done before and that means that you can use “cheat sheets” to get your program started. Finally, make sure that you understand who you are up against so that you can create the right type of program.
Although most IT managers would rather spend their time working on programs that have to do with mobility or cloud computing, it’s the risk management program that they create that may be of the most value to their company. Take the time to understand what you want to do and how you’re going to do it and you’ll be able to create a program that will keep your IT team’s intellectual property safe and secure.
– Dr. Jim Anderson
Blue Elephant Consulting –
Your Source For Real World IT Management Skills™
Question For You: Do you think that an IT manager should enlist managers from other parts of the business to help with the risk management program or go it alone?
What We’ll Be Talking About Next Time
As IT managers sometimes we tend to think that we know it all – that we have all of the IT manager skills that we need. This can be dangerous, especially when it comes to conducting job interviews. If you don’t have the right IT manager training then what goes on during a job interview just might land both you and your company in court and that’s something that nobody wants. Let’s take a look at what you must never say during a job interview.