About Duffbert...

Duffbert's Random Musings is a blog where I talk about whatever happens to be running through my head at any given moment... I'm Thomas Duff, and you can find out more about me here...


Book Review - IT Risk by George Westerman and Richard Hunter

Category Book Review
Finally...  a book on Information Technology risk that didn't put me to sleep or infuriate me to no end...  IT Risk: Turning Business Threats into Competitive Advantage by George Westerman and Richard Hunter.  This book and its approach make sense, and weigh options in conjunction with the business rather than in an ivory tower.

Contents:
IT Risk and Consequences; The 4A Risk Management Framework; The Three Core Disciplines of IT Risk Management; Fixing the Foundation - Strengthening the Base of the Pyramid; Fixing the Foundation - Simplifying the Installed Base; Developing the Risk Governance Process; Building a Risk-Aware Culture; Bringing the Three Disciplines Up to Speed; Looking Ahead; Ten Ways Executives Can Improve IT Risk Management; Notes; Index; About the Authors

I'm a software developer, and I'm paid to design and build solutions for our organization.  I love what I do, and I *do* realize that there are risks inherent in the choices I make in terms of design.  Where I get frustrated is when numerous people review code or designs, and come up with an endless list of "risks" that are posed by your particular design.  But at some point, choices need to be made as to what's an acceptable risk and what isn't.  And that's where the process often fails.  It's safer to discuss and do nothing than to assess risk and choose a path.  The 4A framework proposed by the authors helps get to this point.  The four A's are Availability, Access, Accuracy, and Agility.  These areas make up the risk profile for an organization, and allow both the business and IT to talk about risk from the same angle...  what benefits the business, what could harm the business, and what are the tradeoffs.  These areas are framed against three core disciplines of risk management...  the process, an awareness of risk, and the foundation of the IT base.  Again, the explanations of these disciplines are clear and concise, and deal with practical reality rather than a theoretical elimination of any and all risk to an enterprise.  Because as any IT person will tell you, there is no way to eliminate all risk.

I could see this book being useful for a company that hasn't really addressed a structured risk management process for their IT assets.  Time spent here will save you plenty of time, money, and headaches down the road.  And for those IT departments who seem to be paralyzed with fear, this could help you break the logjam and start dealing from an angle of practicality.
