IBM Chief Information Officer (CIO): Enterprise risk, risk mitigation

Chief information officer

Enterprise risk mitigation

Profiting from PCI compliance

PCI standards can underpin your risk management strategy (496KB)

Enterprise risk mitigation: It's no small task, in part because enterprise risk is so pervasive — from natural catastrophes to internal and external threats, from audits to legal requests. Much of an enterprise’s risk mitigation falls to the chief information officer (CIO), who must ensure IT continuity, resilience, compliance and security to safeguard assets and help minimise negative financial exposure.

Featured research and insights

A comprehensive, best-practices approach to business resilience and risk mitigation (285KB)

White paper
Published: Feb 2008
All research and insights
Featured CIO videos
Case studies

Solutions

Security and privacy services (US)
Design, implement and manage security measures that address both internal and external threats

Internet Security Systems (US)
Protect your networks with assessment, defense, monitoring and reporting solutions

Payment card industry (PCI) solutions (US)
Implement strong controls to help you maintain a consistent PCI compliance environment.

Business continuity and resiliency services (US)
Maintain operations under virtually any condition, comply with regulations and gain the ability to recover from disasters

IBM Global Financing
Get the services you need right now, while freeing up cash for core investments

Close [x]

A comprehensive, best-practices approach to business resilience and risk mitigation

Risk mitigation plans at many organisations fall short simply because they fail to take into account all the risks they actually face.

Abstract: A successful governance and risk mitigation strategy must operate at multiple levels with broad coverage. Risk mitigation plans at many organisations fall short simply because they are not comprehensive and fail to take into account the reach and range of all the risks that they actually face. Often this occurs when organisations only focus on specific areas of risk categories, only plan for certain types of risk or don’t understand all the different areas in their organisation that particular risks will impact. For example, in the area of disaster recovery, most plans fail to account for the following areas of concern:

• Human issues — Plans are often inadequate for ensuring communication with, support for and mobilisation of employees, decision makers, suppliers and customers, as well as providing the means to protect families.

• Infrastructure issues — How will the organisation deal with prolonged power failures, travel and transportation restrictions and logistics disruptions? Are there adequate fuel supplies? Are resources such as generators staged in safe locations?

• Business issues — The traditional view of disaster recovery has primarily been focused on data and the IT infrastructure, but many of the impacts of a disaster are business-related issues that affect people, business processes, facilities, transportation, communications and regulatory compliance.

• Community issues — Organisations must not neglect their responsibility to help employees and their local communities and regions recover from major disasters.

This white paper discusses common types of risk, the considerations for each and the steps organisations must take to develop an effective risk mitigation strategy.