Managing Risk in IT

Managing Risk in IT
#12NTCRISK

Richard D. Wollenberger
Jay L. Seagren

Managing Risk in IT Slide 1

Evaluate This Session!
Each entry is a chance to win an NTEN engraved iPad!

or Online using <#NTC12RISK> at www.nten.org/ntc/eval


Managing IT Risk in a small-
medium sized organization


Managing Risk in IT
• Introductions
• What is risk management?
• Budgets
• Integration with business needs
• Managing Staff
• Managing the computing environment


Who are we?

Richard Wollenberger
Director of Information Technology
Parents as Teachers national office
richard.wollenberger@parentsasteachers.org

Jay Seagren
Senior Manager, Enterprise Systems,
The Pew Charitable Trusts
jseagren@pewtrusts.org


Who’s here today

• Organization size?
• Accidental techie?
• # of IT staff?


IT Resources


What is Risk Management?

• Origins of risks
– From the ancient Italian word riscare
– The study of risk began during the
Renaissance
– Daniel Bernoulli
– Harry Markowitz


What does this have to do with IT?

• Every decision you make is about
managing some kind of risk
– Which AV system will protect your staff?
– Which backup system will be easy to use
(restore from) during an emergency situation?
– MS vs. Google?
– Voice/data connections
– Firewall


Budgets

• Every penny you spend in IT is NOT spent
on your mission
– Track every expense related to:
• Computer hw/sw
• Internet connectivity
• Telephone & fax
• Printing & copying
• Training
– end user
– Tech staff (yes, you need ongoing training)


Budget Resources

• www.itlever.com
– (search for budget or budgeting)
• IT Management
– (http://itmanagerinstitute.com/free-ebook)
• Tech Republic
– (link in slide show)


Integration with the business

• You have to sit at the table
• Strategic planning
• You are there to support them
• You are there to improve processes and
make it easier
• You are there to look for cost efficiencies
– Hard and soft dollar
• Business continuity (disaster planning)

Sit at the table

• Be a partner with the business
• Have a Service Level Agreement (SLA) so your
“customers” know what to expect


Strategic planning

• Why is this important?
– Strategic planning drives the business, and
you need to be helping steer.


Who they gonna call?


What do you need to do?

• Improve business processes

• Find hard and soft dollar cost efficiencies


Staffing

• Are you an
“Accidental Techie?”

• Do you manage
other IT staff?


Outsourcing vs. Insourcing
Services
• Office and Collaboration
• Help desk
• Constituent Management
• Security
• Server and Network


Office and Collaboration

• Google Apps (Low Risk)
– Free for non-profits <3000 users
– Now online and offline (Chrome)
– Bonus: Postini spam filter


Office and Collaboration

• Office 365 (Medium Risk)
– Requires desktop client
– Per seat costs ($6-$27/user/month)
– Bonus: SharePoint


Help Desk
• (low risk – it’s free)

• (med risk - about $20/seat/month)

• (med risk – new version
not available yet – check for pricing with Techsoup.org)


Constituent Management

• (low risk)
– $200 - $475/month

• (medium risk)

– 10 licenses free, >10 80% discount
– Nonprofit Starter pack (free)


Security

• Virus protection
– Symantec ($25/yr)
– McAfee ($30/yr)
– Microsoft System Essentials
• Free for <10 PCs
– Microsoft Forefront Endpoint
($20/seat)


Disaster Planning

• This is not good:


Disaster Planning and Recovery

• Disaster Planning
– Scope of plan
• Room, building, city, region
• Disaster Recovery
– Online backup and recovery
– Pricing terms
– Amazon Web Services
• (http://media.amazonwebservices.com/AWS
_Pricing_Overview.pdf)


Server and Network

• Specs
– What you want vs. what you need
• Tools
– Is the cloud right for your organization?
• Processes
• Procedures
• Change management
• Regulation and law compliance


Server and Network – cont.

• Duplicate and mirrored services
• 2 separate data centers
• Different geographic and power grid
zones
• Carbon copying between the two
• 3rd Party DNS can route to different data
centers upon failure


3rd Party Providers


3rd Party Providers

• Financial pressure and offsite delivery
model drive the need
• Risk Management starts with Sourcing,
continues with Contracting and finally
Vendor Management
• Extend your in-house staff seamlessly if
managed well


3rd Party Providers – cont.
• Growing number of delivery models, specialized services and
budget pressure are driving more reliance on 3rd party service
providers

• 25% of IT budgets are now going to 3rd party providers

• Over 50% of IT managers surveyed will increase their budget
on SAAS providers.



• Areas of Risk and Mitigation:
– Data Security
– Stability of provider and their service
– Your brand and reputation
– Legal and Professional liability



• Data Security
• Privacy policies in contract
• Vendor audit
• Internal training on Data Security
awareness
• Sensitive information (e.g. High
Wealth Donors) may warrant DLP



• Stability of provider
• Basic Balance sheet and Cash Flow analysis
• Bankruptcy, M and A
• Stability of service
• Service Levels objectives in contract
• Incentives and discounts/refunds
• Vendor Scorecards



• Brand reputation
• Brand usage built in to contracts
• On site risk assessment
• Deliverable reviews



• Legal and Professional
liability
• Business Continuity plan review
• Standardized best practices
• Standard Legal Terms and
Conditions


Managing Risk in IT
Conclusion
• Be partner with business
• Make risk management strategic
• Evaluate outsourced and cloud offerings
• Follow Best Practices
• Use Best of Breed
• Utilize 3rd party providers wisely


Managing IT Risk in a small-
medium sized organization


Evaluate This Session!
Each entry is a chance to win an NTEN engraved iPad!

or Online using <#NTC12RISK> at www.nten.org/ntc/eval


Managing Risk in IT

More Related Content

What's hot (17)

Viewers also liked (7)

Similar to Managing Risk in IT (20)

More from NTEN (20)

Recently uploaded (20)

Managing Risk in IT