Information Risk Management From Theory to a Healthy Business

How is risk defined? And what is the definition of risk management?
What is the correct attitude of a good manager when facing risk? And why is risk considered a combination of danger and opportunity in Asian philosophy? Is it possible to consider risk an opportunity? Or is it just an unfortunate event?
The risk management concept is relatively new, having been taken into consideration in the business environment only at the end of the ’90s. According to the Project Management Institute, risk management is a systematic process of identification, analysis and response to project risks, a process which includes risk identification, risk quantification, risk response plan and risk response control. Depending on the author of the methodology, the order or the name of these sub-processes varies. Thus, risk identification and risk quantification are sometimes taken together under the name of risk assessment or risk analysis; the risk response plan is sometimes also found under the name of risk mitigation plan; the risk response plan and the risk control plan are sometimes taken together under the name of risk management plan. All these processes are important in a risk management plan, but one is definitely considered to be a “landmark” for the rest: risk assessment.
As we will see in this paper, risk management means taking steps to identify the risks with a high probability of causing problems, to analyze the probability of loss and the magnitude of loss for each risk and develop composed risks, and to classify the identified risk points according to the composed risks they belong to.
In our opinion, risk management is much more than being addicted to a model, even if its name is BS 7799, ISO 17799, TickIT, ITIL, SOX, CobIT, Octave, Delphi, Mehari, and so forth. It is not enough to comply with one of the above to be able to consider, even for a moment, that the business you run is totally ensured and protected from risks.
In this respect, we will try to break down the existing barriers in the theory of information risk assessment, proposing new models and a new theory. In other words, in this paper we will try to identify the steps for transforming risk assessment from a complex theory, not just into a policy governed by best practices and standards, but well beyond that, into a healthy way of running day-to-day business.

See the entire article here!

About Valentin Mazareanu

Valentin P. Mazăreanu, PhD in economics. Topics of interest: risk management, information security, project management. Current positions: project manager of, Co-Regional Director of PRMIA Bucharest Chapter, General Manager of Paideia Consulting SRL Iasi, IT expert in projects with non-reimbursable funding. Education: military high school, law school, master's degree in Business Information Systems, doctoral studies in economics. Professional development: research internship in France, Poitiers (subject: risk management); summer school in Finland, Jyvaskyla (subject: risk management, intellectual property law, knowledge management); international training in Slovenia, Ljubljana (subject: international project management); national training in Romania, Iaşi (subject: entrepreneurship, Transactional Analysis, NLP, Communication and Negotiation).
