Session 3
1. Why is it important to implement Information Technology (IT) risk management?
2. What is contingency planning? Please explain in detail in your own words.
3. Who is responsible for implementing IT risk management? What is the organization
structure, based on the book Principles of Incident Response and Disaster Recovery by
Whitman?
4. Please explain the four documents that need to be prepared to implement contingency
planning.
Name : Togi Josua Hutapea
Answer:
1. The goal of implementing IT risk management is to reduce the risks (threats) that
might arise in the system or IT infrastructure. With IT risk management adopted, threats
and risks that can disrupt the system can be avoided or mitigated. And if a threat does
materialize, the activities of the company are expected not to stall, so that it does not
cause a significant loss for the company.
2.
According to Childs and Dietrich (2002), contingency is:
The additional effort to be prepared for unexpected or quickly changing circumstances (Childs
& Dietrich, 2002: 241)
According to the Oxford Dictionary & BNPB (2011), contingency is:
a condition or situation that is expected to happen, but it probably will not happen.
According to me, a contingency plan is:
a plan prepared to confront a situation that is expected to happen, but that probably
will not happen.
A common error in preparing a contingency plan is to write it as an action taken when a
problem occurs, rather than as an action that has been prepared.
Examples of an incorrect contingency plan:
Broken machine, contingency plan:
- Fix the machine, or set the priority of production.
- Report to the manager / customer.
Shortage of labor, contingency plan:
- Arrange the workforce.
- Set priorities.
The above examples are actions taken when there is a problem, so they are not contingency
plans, because they are not acts of anticipation that had been prepared in advance.
Contingency planning is one of the various plans that are used in the risk management cycle. The
following are the activities undertaken and the plans used at each stage of the risk management cycle:
Table 1: Activities and Plans Used in Risk Management Cycle

| Cycle | Activity | Plan |
|---|---|---|
| Situation in which no disaster occurs | Prevention and mitigation | Mitigation plan |
| Potentially catastrophic situation | Preparedness | Contingency plans |
| Disaster | Emergency response | Operation planning |
| After disaster | Recovery | Recovery planning |

Source: BNPB (2011)
From the table above we can see that contingency planning is done when there is
a potential disaster risk, or at the stage of preparedness activities.
3.
Develop the risk management plan in collaboration with stakeholders (policy and
operational): Involve people with expertise, competency and different skills or
backgrounds to ensure that the best available advice informs the risk management
plan. Implementation agencies are often better placed than policy agencies to
identify implementation risks, suggest treatment strategies, and advise on risk
tolerances.
The organization structure is based on:
- Managers responsible for overseeing IT operations or business processes that
rely on IT systems;
- System administrators responsible for maintaining daily IT operations;
- Information System Security Officers (ISSOs) and other staff responsible
for developing, implementing, and maintaining an organization's IT
security activities;
- System engineers and architects responsible for designing, implementing, or
modifying information systems;
- Users who employ desktop and portable systems to perform their assigned job
functions; and
- Other personnel responsible for designing, managing, operating, maintaining, or
using information systems.
4. -