Assessing, managing enterprise risk

* What it takes to manage virtual servers

Managing enterprise risk requires IT executives to perpetually perform a juggling act of sorts.

IT executives must provide technologies and services to enable the business to thrive and grow, but at the same time they need to maintain tight controls on resources, access rights and the environment to prevent the risk of technology to the business from outweighing the reward.

"Organizations have always had to manage risk. Business survival requires an organization to successfully manage risk," reads a Forrester Report released last week entitled "Demystifying Enterprise Risk Management." "The challenge is that there are multiple definitions, approaches to and reporting of risk that are managed in silos across the organization. Risk managers must understand the varying views of risk across the organization and decide on a common framework of risk that the entire organization can work within."

That means IT is charged with making certain individuals are equipped to do their jobs without putting the company or its intellectual property in harm's way. For instance, risk management includes ensuring unauthorized individuals are not accessing certain data or working on systems not within their privileges, but it reaches much further than that.

According to Forrester Research, companies must first define risk and apply the comprehensive definition of risk across the entire organization. The research firm narrows it down to: "Risk is the effect of uncertainty on organizational objectives" and "Risk management is the coordinated activities to direct and control an organization to realize the opportunities while mitigating the negative consequences of events." Today several vendors are working to help customers ease the burden of first identifying and then managing risk with technologies falling into the broad governance, risk and compliance (GRC) market

For instance, IBM earlier this year detailed its plans to address customer pain points around GRC and Symantec followed suit by offering IT-risk assessment services this past summer. And start-ups are emerging to tackle this problem as well. Newcomer Securityworks this week launched itself as a enterprise risk management software provider, after offering services in that market for the past few years.

For its part, Securityworks this week released VisibleSecurity 3.0, which includes updated features to address risk and compliance management in larger enterprise environments. The Dallas company, headed up by company President Bryan Fish, offers the software to help companies collect data from distributed systems and create a scorecard of sorts for risk. Customers use a Web-based interface to assess the information collected and apply centralized controls to the distributed systems.

"Companies need to stop working silos and address risk strategically rather than tactically in pieces," Fish says. "Our software enables them to put a centralized control framework in place and have one set of strong access controls."

Editor's note: Starting the week of Nov. 19, you will notice a number of enhancements to Network World newsletters that will provide you with more resources and more news links relevant to the newsletter's subject. The Network/Systems Management newsletter written by Network World Senior Editor Denise Dubie will be merged with the Network/Systems News Alert and will be named the Network/Systems Alert. You'll get Denise's analysis of the network/systems management market, which you will be able to read in full at, plus links to the day's network/systems management news and other relevant resources. This Alert will be mailed on Mondays and Wednesdays. We hope you will enjoy the enhancements and we thank you for reading Network World newsletters.

Learn more about this topic

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2007 IDG Communications, Inc.