/ciol/media/agency_attachments/c0E28gS06GM3VmrXNw5G.png)
Follow UsMUMBAI, INDIA: CIOL/CMN recently met up with Sudesh Prabhu, Senior Manager, Symantec Enterprise Services, India, to discuss the findings of an IT Risk Management report. Excerpts from an interview.
CIOL: Could you talk about the findings of the IT Risk management report?
/ciol/media/post_attachments/5bd13f5b137b8f8a75448f64897f265ea71084803f2c753b02030f97ae231739.jpg)
Sudesh Prabhu: We conducted a worldwide survey where we interviewed people across industries and geographies about IT risk management, strategy, threat perception etc. through a questionnaire format. Our findings revealed that many of them are aware of risks, even intricately as well as about compliance required.
What we noticed was that there are several myths associated with IT risks one of them being that most companies see IT risk management more as a project. The discipline of IT risk management is still evolving and has still not reached a stage where it’s matured. We have tried to address this.
The report provides recommendations and facts and figures. How people treat all forms of risks. This has been covered across sectors. This is the second volume and the good news is that many companies have begun measuring risks and its impact in business terms. How the level of enablement is going to impact a company financially and the initiatives that will help drive why IT needs to be managed.
CIOL: How did you go about doing the survey?
SP: We conducted a face-to-face interview through forums and with questionnaires. We interviewed various IT management professionals across the globe and our sample included multiple industries. We had the same questions and objectives set for all.
CIOL: Where exactly were the risks found?
SP: A number of the questions asked were related to the business infrastructure supporting it. Risks associated with IT availability, security, governance, performance and issues that defy the intent of investing in IT. People also did talk about risk related to data protection, IP etc. but they are all somehow part of the four areas mentioned earlier.
CIOL: How would you go about giving suggestions to companies on solutions?
SP: We provide suggestions at two levels. We look at risk management as a separate discipline. Secondly, we recommend the company appoint someone outside IT to take responsibility of risks – someone with a business focus. This is so they can provide an honest perspective and look at the business criticality.
We do this through engagement where Symantec can concentrate on separate requirements and services for the organization but the solution needs to be initiated by the company.
CIOL: Would we see more companies being involved in IT risk management and more studies conducted?
SP: Yes, we do see this initiative happening in the future. This is not just confined to Symantec but both, customers and vendors. With an increase in efficiency there will be better processes in place and his will help mitigate risks and cater to the organizational requirements – for example, what is the business impact to particular risks.