Risk Management

What is it?

IT Risk Management is a threat-based approach to assessing and mitigating risk to IT assets. The typical approach to managing risk is to apply a set of best practices to all assets. This may be more effort than it's worth for low-risk assets, and insufficient for higher-risk assets. A more effective approach is to identify the relevant threats (threat assessment), determine which IT resources are vulnerable to those threats, and then to apply appropriate controls that will mitigate that risk to an acceptable level for those resources. For example, the same resource (laptop hard-drives) used by people in both low-risk and high-risk contexts, would normally not require disk encryption unless the drive hosts information with a sensitivity level that would require mitigation against theft, e.g., human resources or financial data. A well thought-out approach to IT risk management will ensure mitigation efforts are focused on the higher risks and ensure that the confidentiality, integrity, availability and accountability of the more sensitive IT assets are well protected.

We are also fostering a community of IT Risk Management practitioners through training, mentoring, and interaction.

Who is it for?

Any organization in the Bible translation movement.

Who do I contact?

Rod Davis, Business Continuity Consultant for SIL International, Rod _Davis@sil.org, +1(704) 843-6178

What GTIS Does

  • Identify relevant threats and their likelihood of occurrence in your environment
  • Evaluate vulnerability of IT resources to these threats
  • Assess sensitivity of IT resources to develop a risk profile
  • Deliver recommendations for high-consequence threats found lacking adequate mitigating controls.
  • Present a cost-benefit analysis of potential risk mitigation controls.

What You Do

You will provide an engaged contact who can provide or assist GTIS in discovering the following types of information:

  • Known threats to operations and assets.
  • Developing a list of IT resources and their sensitivities
  • Existing options available for mitigating risk
  • Budgetary restrictions on areas and their operational units.