Managing Risk in IT
               #12NTCRISK




Richard D. Wollenberger
Jay L. Seagren

                  Managing Risk in IT   Slide 1
Managing IT Risk in a small-medium sized organization




Managing Risk in IT
•   Introductions
•   What is risk management?
•   Budgets
•   Integration with business needs
•   Managing Staff
•   Managing the computing environment




Who are we?

Richard Wollenberger
  Director of Information Technology
  Parents as Teachers national office
  richard.wollenberger@parentsasteachers.org


Jay Seagren
  Senior Manager, Enterprise Systems,
  The Pew Charitable Trusts
  jseagren@pewtrusts.org



Who’s here today

• Organization size?
• Accidental techie?
• # of IT staff?




IT Resources




What is Risk Management?

• Origins of risks
  – From the ancient Italian word riscare
  – The study of risk began during the
    Renaissance
  – Daniel Bernoulli
  – Harry Markowitz




What does this have to do with IT?

 • Every decision you make is about
   managing some kind of risk
   – Which AV system will protect your staff?
   – Which backup system will be easy to use
     (restore from) during an emergency situation?
   – MS vs. Google?
   – Voice/data connections
   – Firewall


Budgets

• Every penny you spend in IT is NOT spent
  on your mission
  – Track every expense related to:
    •   Computer hw/sw
    •   Internet connectivity
    •   Telephone & fax
    •   Printing & copying
    •   Training
         – end user
         – Tech staff (yes, you need ongoing training)

Budget Resources

• www.itlever.com
  – (search for budget or budgeting)
• IT Management
  – (http://itmanagerinstitute.com/free-ebook)
• Tech Republic
  – (link in slide show)




Integration with the business

• You have to sit at the table
• Strategic planning
• You are there to support them
• You are there to improve processes and
  make it easier
• You are there to look for cost efficiencies
    – Hard and soft dollar
• Business continuity (disaster planning)

Sit at the table

• Be a partner with the business
• Have a Service Level Agreement (SLA) so your
  “customers” know what to expect




Strategic planning

• Why is this important?
  – Strategic planning drives the business, and
    you need to be helping steer.




Who they gonna call?




What do you need to do?

• Improve business processes




• Find hard and soft dollar cost efficiencies




Staffing

• Are you an
  “Accidental Techie?”




• Do you manage
  other IT staff?


Outsourcing vs. Insourcing Services
•   Office and Collaboration
•   Help desk
•   Constituent Management
•   Security
•   Server and Network




Office and Collaboration

• Google Apps (Low Risk)
  – Free for non-profits <3000 users
  – Now online and offline (Chrome)
  – Bonus: Postini spam filter




Office and Collaboration

• Office 365 (Medium Risk)
  – Requires desktop client
  – Per seat costs ($6-$27/user/month)
  – Bonus: SharePoint




Help Desk
•                                     (low risk – it’s free)


•                          (med risk - about $20/seat/month)




•                                       (med risk – new version
    not available yet – check for pricing with Techsoup.org)




Constituent Management

•                                            (low risk)
    – $200 - $475/month

•                        (medium risk)


    – 10 licenses free, >10 80% discount
    – Nonprofit Starter pack (free)




Security

• Virus protection
  – Symantec ($25/yr)
  – McAfee ($30/yr)
  – Microsoft System Essentials
     • Free for <10 PCs
  – Microsoft Forefront Endpoint
    ($20/seat)



Disaster Planning

• This is not good:




Disaster Planning and Recovery

• Disaster Planning
  – Scope of plan
     • Room, building, city, region
• Disaster Recovery
  – Online backup and recovery
  – Pricing terms
  – Amazon Web Services
     • (http://media.amazonwebservices.com/AWS_Pricing_Overview.pdf)



Server and Network

• Specs
    – What you want vs. what you need
• Tools
    – Is the cloud right for your organization?
•   Processes
•   Procedures
•   Change management
•   Regulation and law compliance

Server and Network – cont.

• Duplicate and mirrored services
• 2 separate data centers
• Different geographic and power grid
  zones
• Carbon copying between the two
• 3rd Party DNS can route to different data
  centers upon failure


3rd Party Providers

• Financial pressure and offsite delivery
  model drive the need
• Risk Management starts with Sourcing,
  continues with Contracting and finally
  Vendor Management
• Extend your in-house staff seamlessly if
  managed well


3rd Party Providers – cont.
• Growing number of delivery models, specialized services and
  budget pressure are driving more reliance on 3rd party service
  providers

• 25% of IT budgets are now going to 3rd party providers

• Over 50% of IT managers surveyed will increase their budget
  on SaaS providers.




3rd Party Providers – cont.

• Areas of Risk and Mitigation:
  – Data Security
  – Stability of provider and their service
  – Your brand and reputation
  – Legal and Professional liability




3rd Party Providers – cont.

• Data Security
    • Privacy policies in contract
    • Vendor audit
    • Internal training on Data Security
      awareness
    • Sensitive information (e.g. High
      Wealth Donors) may warrant DLP




3rd Party Providers – cont.

• Stability of provider
     • Basic Balance sheet and Cash Flow analysis
     • Bankruptcy, M and A
• Stability of service
     • Service level objectives in contract
     • Incentives and discounts/refunds
     • Vendor Scorecards




3rd Party Providers – cont.

• Brand reputation
    • Brand usage built into contracts
    • On site risk assessment
    • Deliverable reviews




3rd Party Providers – cont.

• Legal and Professional
  liability
    • Business Continuity plan review
    • Standardized best practices
    • Standard Legal Terms and
      Conditions




Managing Risk in IT – Conclusion
•   Be a partner with the business
•   Make risk management strategic
•   Evaluate outsourced and cloud offerings
•   Follow Best Practices
•   Use Best of Breed
•   Utilize 3rd party providers wisely


