Dr bakari presentation

  1. Is IT governing us or are we governing it? Managing ICT Related Risks: Who is Responsible and What Went Wrong?
      Dr. Jabiri Kuwe Bakari (BSc. Computer Sc., MSc. (Eng.) Data Communication, Ph.D.), Lecturer & Director, Institute of Educational Technology, The Open University of Tanzania
      E-mail: jabiri.bakari@out.ac.tz
      Hilton Double Tree Hotel-Osterbay, Slipway Road, 8th December, 2010
      ©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
  2. Agenda
      • Introduction
      • An overview of ICT and its Security Problem
      • ICT related risks
      • What went wrong
      • Who is responsible
      • Lessons from others
      • What can be done?
  3. Technology Trend
      • Stone, Iron, Industry, Information Age!
      • The world has now moved from natural resources to an information economy.
      • Information held by public and private organisations' information systems is among the most valuable assets in the organisation's care and is considered a critical resource, enabling these organisations to achieve their objectives.
  4. • Because organizations' value has moved from tangible to intangible assets, the risks have moved too; hence the overall corporate risk management should take a new track.
      • Today ICT is in almost all national critical infrastructure.
  5. ICT in Critical National Infrastructures
      Private and public organizations, government, and the national security system increasingly depend on an interdependent network of critical physical and information infrastructures. Examples:
      – energy production, transmission, and distribution
      – telecommunications
      – financial services
      – transportation sectors: railways, highways, airports etc.
      – systems for the provision of water and food for human use and consumption
      – continuity of government
      – chemical industry and hazardous materials
      – agriculture
      – defence industrial base
      – gas and oil storage and transportation
  6. The national economy is increasingly reliant upon certain critical infrastructures and upon cyber-based information systems. Any compromise of or attack on our infrastructure and information systems may be capable of significantly harming our economy!
  7. Agenda
      • Introduction
      • An overview of ICT and its Security Problem
      • ICT related risks
      • What went wrong
      • Who is responsible
      • Lessons from others
      • What can be done?
  8. An overview of ICT & its security Problem
      Information security is about protection of ICT assets/resources in terms of:
      • Confidentiality
      • Integrity
      • Availability (information and services)
      • Access Control to Information
      Involves: Protective/Proactive, Detective, Reactive and/or Recovery Measures
      [Diagram: Holistic View of ICT security Problem. Labels: Software (operating systems, application software), set of instructions; ICT; Valuable asset of organizations: Information]
  9. An overview of ICT security Problem
      Managing ICT security is a continuous process by which an organisation determines what needs to be protected and why; what it needs to be protected from (i.e. Threats and Vulnerabilities); and how (i.e. mechanisms) to protect it for as long as it exists.
      [Diagram: Holistic Approach required. Labels: Authorised user abusing his/her privileges, e.g. disgruntled staff; Malicious software (virus, worm or denial-of-service attack, backdoors, salami attacks, spyware, etc.) can be introduced here!; Physical security of the hardware; Valuable asset of the organizations: Information]
  10. ICT related risks from the Business Perspective
      Business risks result from using ICT as a business enabler without having in place proper ICT governance and related risk controls.
  11. Refer GOLDEN TULIP HOTEL, DAR ES SALAAM, 23rd August, 2006 Workshop. Four Years Ago
  17. • Problem by then
  18. Security Management in the organisations - Tanzania: Perception Problem
      • At the strategic level (absence of ICT security policy, no defined budget for ICT security, perceived as technical problem and not business risk)
      • At the operational level (perceived to belong to the IT departments and in some cases not coordinated)
      • Absence of designated ICT security personnel/unit
  19. An overview of ICT Security Management in the organisations - Perception Problem: Ad-hoc
  20. By Mid-2007: A Final Holistic Approach for Managing ICT Security in Organisations was produced. Presented in a book: ISBN Nr 91-7155-383-8
      [Diagram of the process, drawn inside "The Organisation" and "The Environment", with "Stakeholders" and "The Organisation's goal & services". Phases as labelled: "Introduction of ICT security management process (initialisation)" and "Internalised & continuous process". Steps as labelled:]
      • Strategic (Top) Management's Backing (GL-01)
      • Technical Management's Backing (GL-02)
      • Form Project Team & Plan (GL-03)
      • Quick Scan (GL-04)
      • General Management's attention & Backing (GL-05)
      • Review/Audit ICT Security (GL-06)
      • Awareness & Backing of General staff (GL-07)
      • Risk Assessment/Analysis (GL-08)
      • Mitigation Planning (GL-09)
      • Develop Counter Measures (GL-10)
      • Operationalisation (ICT Security Policy, Services & Mechanisms) (GL-11)
      • Maintenance (Monitor the Progress) (GL-12)
  21. Each process maps the Holistic View of the security Problem
      [Diagram labels: Users; Valuable asset: Information]
  22. Management team discussing ICT security Problem: "This is a technical problem" / "This is a business Problem"
      [Diagram labels: Users; Valuable asset: Information]
  23. Four Years Later - More developments and more problems….
  24. Agenda
      • Introduction
      • An overview of ICT and its Security Problem
      • What went wrong
      • Who is responsible
      • Lessons from others
      • What can be done?
  25. ICT Service delivery problems
  26. ICT Service delivery problems
      Problems related to failure of accessing computerized services in a number of connected offices or outlets. (Picture: customer at ATM)
  27. ICT Service delivery problems
  28. Customers waiting to pay their taxes!
  29. ICT operational incidents
      • Transactions delays
      • Deposit, Withdraw & Send money using mobile phone
  30. ICT disposal management
      • ICT hardware disposal
      • Sensitive information found from the hard disks
  31. Is IT governing us or are we governing it?
  32. • Despite the many technical solutions available, the problem of managing ICT-related risks in organisations is increasingly becoming a major concern to many ICT-dependent organisations.
  33. What went Wrong? And why in Tanzania?
  34. ICT Risk Management Drivers – a Comparative Study of Sweden, USA, India, and Tanzania. IEEE CRiSIS 2007
  35. • The interesting questions here were:
      – What is it that makes the difference?
      – Is it because of the consequences of globalisation?
      – Is it because of the different regulations and requirements that need to be complied with in a given country?
      – Is it because of market pressure or customer demand?
      – Is it because of different cultures, in that, according to Robbins, national culture continues to be a powerful force in explaining a large proportion of organisations' behaviour?
  36. Objectives
      • The objective of this study was to investigate the effects of some possible ICT risk management drivers on the process of getting senior management involved in ICT risk management, and hence accountable.
      • The investigation was carried out by taking a case study of four countries, namely Sweden, USA, India, and Tanzania.
      • The drivers investigated were mainly:
      – Globalisation,
      – Market Pressure,
      – Customer Demand and
      – Regulatory Requirements.
  37. Examples of ICT Risk Management Drivers
      • One condition for global collaboration between different organisations, cultures and time zones is a "common language", i.e. internationally accepted standards and frameworks.
      • By using these standards and frameworks, security and quality can be defined, agreed on and followed up.
      • One further advantage is the fact that offshore suppliers are normally certified, using these standards and frameworks.
      • Their prospective customers can more easily assess security and quality requirements.
      [Callouts: Sarbanes-Oxley Act in 2002 (SOX), controlled and enforced by the US Securities and Exchange Commission; Committee of Sponsoring Organization's (COSO) framework; Control Objectives for Information and related Technology, an IT governance framework]
  38. Research approach, Methodology
      • Based on the four studies, the status and experiences of how ICT risk management is being practised in organisations in Sweden, USA, India and Tanzania were investigated.
      • Findings from the four studies were used as input to investigate senior management's involvement in the ICT risk management process.
  39. Studies in the four Countries (Sweden)
      • A study on Swedish government agencies concerning the use of IT security indicated:
      – lack of support from senior management.
      – ICT security is not carried out in a systematic way, which makes it difficult for the management to prioritise between different risks and countermeasures, causing difficulties in following up the state of security.
      • The use of models for return on security investment also shows the lack of support from senior management. [Callout: The reason for this is probably that using risk analysis has not gained the approval of the management]
      • Another study was carried out by interviewing information security managers and risk managers at 7 large Swedish trade and industry organisations making extensive use of ICT, most of them also with large international operations.
      – The overall summary of the result from the study is that risk analysis is not used as a method to allocate resources for increasing the security level for the ICT systems.
  40. Studies in the four Countries (USA)
      • The USA study was based on the "2006 CSI/FBI Computer Crime and Security survey", which is based on the responses of 616 computer security practitioners in US corporations, government agencies, financial institutions, medical institutions and universities.
      – The survey indicated a substantial decrease in the total dollar amount of financial losses resulting from security breaches.
      • Probably this is due to the introduction of SOX:
      – "The Sarbanes-Oxley Act has changed the focus of information security in my organisation from technology to one of corporate governance".
      • For example, the Act:
      – requires the CEO and CFO to personally certify the correctness in the financial reports (section 302);
      – demands the certification of the underlying (IT) processes (section 404);
      – requires that financial events of importance be reported within four days (section 409);
      – provides that the person who deliberately destroys documents, physical or electronic, including e-mail, may be sentenced to up to twenty years' imprisonment (section 802).
  42. Studies in the four Countries (India)
      • The study in India was based on a medium-sized company as a representative of an outsourcing company in India, on the assumption of getting an average indication (2006).
      • An example was iGATE corporation, which was ISO2000 certified, ISO27001 certified, COBIT maturity level 5 and SOX compliant.
      • The reason they have done this is that they see it as absolutely essential to have these standards and frameworks implemented for them to remain in business.
      • In India, customer demand and market pressure make security a top priority for senior management.
      – Several Indian offshore suppliers are listed on the USA stock market and so have to fulfil SOX requirements and have the same level of security in place.
  43. Studies in the four Countries (Tanzania)
      • The study in Tanzania took place between 2003 and 2006. The respondents were mainly senior management, Chief Financial Officers, operational managers, IT managers and general and technical staff.
      • The study indicated that the focus of the organisations is on what is commonly known as "Computerisation".
      – Very little or no attention at all is paid to managing ICT-related risks.
      • This was partly found to be due to the following reasons:
      – not knowing that they are vulnerable to ICT-related risks as a result of computerisation;
      – ICT risk is not seen as a risk to the organisation's business;
      – the relaxed culture and lack of formal ICT and ICT security policies and procedures;
      – believing that ICT security is a technical problem, and therefore both ICT in general and ICT security in particular being set aside for more important things.
  44. Today in Tanzania …
  45. • Poor Planning and Management of ICT
      – Lack of alignment between ICT strategy and business strategy
      – High cost of ICT with low or unproven return on investment (ROI)
      • ICT Staff with inadequate skills
      – Non-ICT ICT staff, coupled with non-ICT ICT vendors and sometimes non-ICT ICT consultants
      – Where relevant skills exist, they are underutilised
  46. • Problems in Acquisition of ICT related Solutions
      – Ad hoc and uncoordinated ICT initiatives
      – Mostly vendor- or donor-driven solutions, with too much dependence on vendor & donor, not locally tailored
  47. Problem in Acquisition of ICT related Solutions
      [Diagram of the acquisition flow. Recoverable labels: Vendor communicate direct to user; Tender Evaluation team: lack of ICT expert; Tender board: lack of appropriate ICT expert; User Dept; PMU; Vendor; ICT Dept/Division/Dir: they are the expert (recall "set of instructions"!); Tech. are consulted for inspection against the specification, if software then run in test environment; Store; ICT Disposal; Good practice; Bad practice: a lot of security implications]
  48. • No proper ICT related Risk Management
      – Security policy and procedures not in place
      – Inadequate business continuity measures
      – Serious ICT operational incidents
      – ICT neither meeting nor supporting compliance requirements
  49. • Obsolete Organization Structure
      – ICT function seen as only operations, not cross-cutting
      – Structure should consider current ICT development and its socio-economic impacts
  50. Obsolete Org structures
      [Organisation chart. Levels: Strategic function; Management function; Operational function. Boxes: CEO; Directors; Line Managers; ICT Dept. Notes on the ICT Dept: under staffed; not well utilized, especially in public org; no clear job description; not motivated]
  51. Lack of awareness about ICT related Risks to customers, while talking about Internet Banking. How many people have read the Bank customer service contract/agreement?
  52. • Introduction
      • An overview of ICT and its Security Problem
      • What went wrong
      • Who is responsible
      • Lessons from others
      • What can be done?
  53. • Referring to the studies, one can see that Market Pressure and Customer Demand, which lead to regulatory requirements such as SOX, are significant risk management drivers.
      [Diagram. Drivers: Globalisation effect; SOX Requirements (including frameworks); Market Pressure & Customers Demand. Countries: USA, India, Tanzania, Sweden. Arrows labelled "Strong demand", "Strong demand (only in some cases)" and "Weak demand"]
  54. • The key point was to get senior management's backing and involvement in the ICT risk management process.
      • This study shows that even though there are international standards and frameworks for feedback on how the ICT risks are handled in an organisation, Compliance with Regulations seems to be the strongest driver actually effecting involvement of senior managers in the ICT risk management process.
      • However, in noting this, we also include, but view as happening in earlier feedback cycles, that Globalisation, Customer Demand and Market Pressure are drivers that initiate regulations (such as SOX) and thus interact as indicated earlier.
  55. • Through Regulation (such as SOX), senior managers were in varying degrees held personally accountable;
      – We have seen, for example, that some sections, as mentioned, are very tough.
      • However, there is still a need to identify more drivers of ICT risk management on the international and national scenes. It seems important to investigate how national, organisational and security cultures can blend and adapt in order to handle ICT security risks as part of the ordinary business processes.
  56. Currently, empirical data concerning the influence of cultural factors on ICT risk management are weak. We are now researching how cultural factors might affect or drive the ICT risk management process.
  57. • Introduction
      • An overview of ICT and its Security Problem
      • What went wrong
      • Who is responsible
      • Lessons from others
      • What can be done?
  58. ICT is critical and strategic to an organization's business operations. ICT involves huge investments and great risks.
  59. • Top management and oversight bodies that are vested with day-to-day planning, organizing, controlling, directing and staffing responsibilities have a broad stake in ensuring everything, including ICT matters, is properly manned and managed.
      • Boards of Directors are vested with such responsibilities.
      • ICT-related risk management requires strategic direction and a driving force, and the Board is responsible through the CEO.
  60. • Introduction
      • An overview of ICT and its Security Problem
      • What went wrong
      • Who is responsible
      • Lessons from others
      • What can be done?
  61. • Corporate board compositions should include ICT experts, just as we include board members with legal and finance competences.
      • The organization's goal and its strategic objectives should be well aligned with ICT strategies.
      • Tender Boards and Tender Evaluation Committees should also include personnel with ICT expertise.
      • Organization structures should be reviewed to place ICT at the strategic level, not only the technical/operational level.
      • Industry and academia should facilitate research in ICT risk-related issues, to perfectly foresee the future and potential incoming threats.
  62. Conclusion and Outlook
      • The principal goal of an organization's risk management process should be to protect the organization and its ability to achieve its mission,
      • and therefore ICT-related risk management should be part of the overall corporate risk management, because the value has moved from tangible to intangible assets.
  63. Approaching IT governance
      • Aligning IT & Business
      • Managing service delivery for promised service level
      • Managing Resource for max benefit
      • Managing Risk to foresee problem and mitigate
      • Measuring Performance to monitor and report on delivery performance
  64. How could the management of ICT related Risks be improved, in order to reduce the potential financial damage as a result of computerisation?
      Answer: A Holistic Approach for Managing ICT Security in Non-Commercial Organisations. A Case Study in a Developing Country. Presented in a book: ISBN Nr 91-7155-383-8
  65. How to Plan and design a suitable ICT Security Management Process
  66. It's now the intangible economy!
      Information is the most valuable asset and is the only commodity that can be stolen without being taken!
      If organizations do not address these problems, then they should expect severe financial damage resulting from service interruption, reputation damage, loss of strategic information, liability claims and loss of property.
      The dependence of core business operations on ICT makes ICT an important strategic tool.
  67. Thank you!
