1 out of 5: The most common mistakes companies make regarding risk management and security

In the following posts we’ll share the 5 most common mistakes that companies make when it comes to risk management and security, and what you can do about them. (Follow our LinkedIn page to make sure you don’t miss out.)

# 1: Lack of or inadequate dialogue between the business and IT

This is a classic mistake. The IT department is so focused on building tech-savvy solutions that it forgets to link them to the actual business, which in the worst case can end up killing the business.

At one point I was working in a company and the IT department had to move a system from one country to another over a weekend.
The product owner of the system contacted us desperately, saying that there was no way we could do that. It turned out that even on weekends he had a huge number of customers and transactions, meaning that it would have huge consequences business-wise.

What you can do

The IT department had no idea about this. And that’s why we need dialogue. Dialogue about business impact analysis, volume of business, etc. You can create a questionnaire in order to understand the business and the consequences.
If you want to learn how to include the business in the overall processes related to IT, you may want to take a look at COBIT (Control Objectives for Information and Related Technologies), which is a best-practice framework for governance and IT.