Risk Management: Difference between revisions
From IT Process Wiki
No edit summary |
mNo edit summary |
||
| Line 1: | Line 1: | ||
<seo metakeywords="itil risk management, risk management itil, itil risk management process, risk management process" metadescription="Risk Management: ITIL process definition - subprocesses - Additional information on ITIL Risk Management." /> | |||
<imagemap> | |||
Image:ITIL-Wiki-de-es.jpg|DE - ES - Risk Management|100px | |||
rect 0 0 50 30 [https://wiki.de.it-processmaps.com/index.php/Risikomanagement diese Seite auf Deutsch] | |||
rect 50 0 100 30 [https://wiki.es.it-processmaps.com/index.php/ITIL_Gestion_del_Riesgo esta página en español] | |||
desc none | |||
</imagemap> | |||
<br style="clear:both;"/> | |||
== ITIL Risk Management: Overview == | |||
'''Process Objective''': To identify, assess and control risks. This includes analysing the value of assets to the business, identifying threats to those assets, and evaluating how vulnerable each asset is to those threats. | '''Process Objective''': To identify, assess and control risks. This includes analysing the value of assets to the business, identifying threats to those assets, and evaluating how vulnerable each asset is to those threats. | ||
| Line 10: | Line 14: | ||
'''Part of''': [[ITIL V3 Service Design|Service Design]] | '''Part of''': [[ITIL V3 Service Design|Service Design]] | ||
'''Process Owner''': [[ | '''Process Owner''': [[Risk Management#Additional Information on Risk Management|Risk Manager]] | ||
==ITIL | == ITIL Risk Management: Process Definition == | ||
[[Image:Itil-risk-management.jpg|thumb=overview_risk_management_itilv3_thumb.jpg|left|[https://wiki.en.it-processmaps.com/images/pdf/process_overview_risk_management_itilv3.pdf ITIL Risk Management]]] | |||
Risks are addressed within several processes in ITIL V2 and ITIL V3; there is, however, no dedicated Risk Management process. ITIL V3 calls for “coordinated risk assessment exercises”, so at IT Process Maps we decided to assign clear responsibilities for managing risks, which meant introducing a specific Risk Management process as part of the [https://en.it-processmaps.com/products/itil-process-map.html ITIL® Process Map V3]. | |||
Having a basic Risk Management process in place will provide a good starting point for introducing best-practice Risk Management frameworks like M_o_R (as recommended in the ITIL V3 books). | |||
[[ | The following sub-processes are part of [[Risk Management|ITIL Risk Management]]: | ||
<br style="clear:both;"/> | |||
=== Sub-Processes === | |||
;Business Impact and Risk Analysis | ;Business Impact and Risk Analysis | ||
:Process Objective: To quantify the impact to the business that a loss of service or asset would have, and to determine the likelihood of a threat or vulnerability to actually occur. The result of | :Process Objective: To quantify the impact to the business that a loss of service or asset would have, and to determine the likelihood of a threat or vulnerability to actually occur. The result of the "[[Risk Management#Business Impact and Risk Analysis|Business Impact and Risk Analysis]]" is the [[Risk Management#Risk Register|Risk Register]], a prioritized list of risks which must be subsequently addressed. | ||
;Assessment of Required Risk Mitigation | ;Assessment of Required Risk Mitigation | ||
| Line 33: | Line 39: | ||
:Process Objective: To monitor the progress of counter measure implementation, and to take corrective action where necessary. | :Process Objective: To monitor the progress of counter measure implementation, and to take corrective action where necessary. | ||
< | ===== Downloads ===== | ||
Use the following links to open the process overview of Risk Management showing the most important interfaces: | |||
* [[Media:Itil-risk-management.jpg|ITIL Risk Management (.JPG)]] | |||
* [https://wiki.en.it-processmaps.com/images/pdf/process_overview_risk_management_itilv3.pdf ITIL Risk Management (.PDF)]'' | |||
=== ITIL Terms: Risk Management === | |||
;<span id="Business Impact and Risk Analysis">Business Impact and Risk Analysis</span> | |||
:The Business Impact Analysis (BIA) identifies Vital Business Functions (VBFs) and their dependencies. These dependencies may include suppliers, people, other business processes, services etc.. The Risk Analysis identifies threats and vulnerabilities to business assets, and indicates how vulnerable each asset is to those threats. | |||
;<span id="Process and Asset Valuation">Process and Asset Valuation</span> | |||
:An estimate of the value a process or other asset represents for the business. This value is an important input for Risk Analysis. | |||
;<span id="Risk Register">Risk Register</span> | |||
:The Risk Register is a tool used by the Risk Management process to keep an overview of identified risks and corresponding counter measures. The Risk Register is sometimes referred to as the Risk Log. | |||
== Additional Information on Risk Management == | |||
==== ITIL Roles ==== | |||
;Risk Manager - Process Owner | |||
:The Risk Manager is responsible for identifying, assessing and controlling risks. | |||
:This includes analysing the value of assets to the business, identifying threats to those assets, and evaluating how vulnerable each asset is to those threats. | |||
<i><small>[[Main Page|Home]] > [[ITIL Processes]] > [[ITIL V3 Service Design|Service Design]] > [[Risk Management|Risk Management]]</small></i> | |||
<!-- This page is assigned to the following categories: --> | |||
[[Category:ITIL V3]][[Category:ITIL process]][[Category:Service Design|Risk Management]][[Category:Risk Management|!]] | |||
<!-- --- --> | |||
Revision as of 11:27, 13 July 2011
<seo metakeywords="itil risk management, risk management itil, itil risk management process, risk management process" metadescription="Risk Management: ITIL process definition - subprocesses - Additional information on ITIL Risk Management." />
ITIL Risk Management: Overview
Process Objective: To identify, assess and control risks. This includes analysing the value of assets to the business, identifying threats to those assets, and evaluating how vulnerable each asset is to those threats.
Part of: Service Design
Process Owner: Risk Manager
ITIL Risk Management: Process Definition
Risks are addressed within several processes in ITIL V2 and ITIL V3; there is, however, no dedicated Risk Management process. ITIL V3 calls for “coordinated risk assessment exercises”, so at IT Process Maps we decided to assign clear responsibilities for managing risks, which meant introducing a specific Risk Management process as part of the ITIL® Process Map V3.
Having a basic Risk Management process in place will provide a good starting point for introducing best-practice Risk Management frameworks like M_o_R (as recommended in the ITIL V3 books).
The following sub-processes are part of ITIL Risk Management:
Sub-Processes
- Business Impact and Risk Analysis
- Process Objective: To quantify the impact to the business that a loss of service or asset would have, and to determine the likelihood of a threat or vulnerability to actually occur. The result of the "Business Impact and Risk Analysis" is the Risk Register, a prioritized list of risks which must be subsequently addressed.
- Assessment of Required Risk Mitigation
- Process Objective: To determine where risk mitigation measures are required, and to identify Risk Owners who will be responsible for their implementation and ongoing maintenance.
- Risk Monitoring
- Process Objective: To monitor the progress of counter measure implementation, and to take corrective action where necessary.
Downloads
Use the following links to open the process overview of Risk Management showing the most important interfaces:
ITIL Terms: Risk Management
- Business Impact and Risk Analysis
- The Business Impact Analysis (BIA) identifies Vital Business Functions (VBFs) and their dependencies. These dependencies may include suppliers, people, other business processes, services etc.. The Risk Analysis identifies threats and vulnerabilities to business assets, and indicates how vulnerable each asset is to those threats.
- Process and Asset Valuation
- An estimate of the value a process or other asset represents for the business. This value is an important input for Risk Analysis.
- Risk Register
- The Risk Register is a tool used by the Risk Management process to keep an overview of identified risks and corresponding counter measures. The Risk Register is sometimes referred to as the Risk Log.
Additional Information on Risk Management
ITIL Roles
- Risk Manager - Process Owner
- The Risk Manager is responsible for identifying, assessing and controlling risks.
- This includes analysing the value of assets to the business, identifying threats to those assets, and evaluating how vulnerable each asset is to those threats.
