IBM - CIO Interaction Channel - Risk Mitigation

Risk mitigation plans at many organisations fall short simply because they fail to take into account all the risks they actually face.

Abstract: A successful governance and risk mitigation strategy must operate at multiple levels with broad coverage. Risk mitigation plans at many organisations fall short simply because they are not comprehensive and fail to take into account the reach and range of all the risks that they actually face. Often this occurs when organisations only focus on specific areas of risk categories, only plan for certain types of risk or don’t understand all the different areas in their organisation that particular risks will impact. For example, in the area of disaster recovery, most plans fail to account for the following areas of concern:

• Human issues — Plans are often inadequate for ensuring communication with, support for and mobilization of employees, decision makers, suppliers and customers, as well as providing the means to protect families.

• Infrastructure issues — How will the organisation deal with prolonged power failures, travel and transportation restrictions and logistics disruptions? Are there adequate fuel supplies? Are resources such as generators staged in safe locations?

• Business issues — The traditional view of disaster recovery has primarily been focused on data and the IT infrastructure, but many of the impacts of a disaster are business-related issues that affect people, business processes, facilities, transportation, communications and regulatory compliance.

• Community issues — Organisations must not neglect their responsibility to help employees and their local communities and regions recover from major disasters.

This white paper discusses common types of risk, the considerations for each and the steps organisations must take to develop an effective risk mitigation strategy.

Governments should implement identity management solutions that enable quick and accurate identity information exchange, while protecting individual privacy rights and civil liberties.

Abstract: Balancing the growth in global travel against the escalating threat of identity fraud, illegal immigration, international crime and global terrorism has driven many nations to invest in measures to improve identity management. The increasing demands of globalization – in which products and services, and the people who provide them, must move expeditiously across international borders – have prompted a closer examination of the effectiveness of some of these programs. Many governments have invested in “smarter” drivers’ licenses, passports, automated border control systems and visas, resulting in more secure forms of identification, but have often done so without much consideration for their impact on a nation’s overall identity strategy.

Additionally, identity management programs ideally include safeguards for public health and safety – as well as creating mechanisms for enhanced government services and the preservation of individual liberties, such as privacy and individual data security. But in reality, many governments are finding their programs ill-equipped to provide the various protections and services for which they were supposedly designed.

In the absence of a comprehensive national strategy, governments also cannot be certain the identity data entrusted to their care is either secure or private. Based on recent research conducted by IBM, we believe it is time for both governments and the private sector throughout the world to take a new look at identity management and explore ways to facilitate communication and collaboration among government, industry and society.