Information Technology Risk Management


Risk Analysis / Reduction in the JANET network

http://www.mau.ac.uk/surveys/archive/network_studies/risk-analysis-public-report/contents.html

Important risks in a network (has a table)

http://www.mau.ac.uk/surveys/archive/network_studies/risk-analysis-public-report/section-5.html

"Sometimes Redundancy is a Mirage"


Risk Mitigation

http://www.aon.com/us/busi/risk_management/risk_mitigation/default.jsp


Storage Risk Mitigation

http://www.ca.com/brightstor/risk_mitigation/

"By identifying the threats and the risks they represent to your business, you can use the business value of the data as the selection criteria to identify appropriate recovery solutions in each scenario."


Conducting an Information Technology Risk Assessment

http://www.bankersonline.com/technology/gurus_tech020303c.html

"Basically, you want to identify all operational systems, and their inputs and outputs. Then, take a look at your exposure to loss, unauthorized access, excessive downtime, etc.

Then, begin to assess the risk to your bank's operations if one or more of your considered risk scenarios plays out."


Acceptable use of Information Technology Resources

http://www1.umn.edu/oit/security/Anti-virusstandard.shtml

"Computers used to control or report results from instrumentation (such as research instrument controllers) and some proprietary uses of desktop computers present unique challenges. If, for some reason anti-virus protection is not feasible, other risk mitigation alternatives (in addition to routine system patching) are required such as the removal of e-mail and other services and use of a software firewall. In some cases, removal of the computer from the University network may be the best alternative to mitigate the risk."


Security / Risk Mitigation

http://www.gmri.com/dev2go.web?anchor=risk_mitigation

Mitigation of risks via authentication, firewalls, intrusion detection, vulnerability testing, virus updating, training, and testing


Security at Cisco

http://www.cisco.com/security/

"Their focus is on the integrity, availability, and confidentiality of all critical information produced, transmitted, or stored at Cisco. The goal being that risk acceptance is balanced against risk mitigation to ensure business needs are met, while maintaining high security standards."


IBM & Network Security

http://www-8.ibm.com/services/au/its/nis/security.html

"... create a risk mitigation strategy that takes into account your security policies and business goals, your IT and network strategies and requirements, and your network's vulnerabilities. Building on this risk mitigation strategy, IBM will help you create a solution designed to effectively protect your vital business processes and data assets."


Cisco routers - Various Physical Threats and Mitigation

http://www.informit.com/articles/article.asp?p=102180&seqNum=2

Hardware threats, environmental threats, electrical threats, maintenance threats...

Securing administrative access, connection through console port, password policy