risk management for e-business
TRANSCRIPT
-
8/3/2019 Risk Management for E-Business
1/33
Click to edit Master subtitle style
4/30/12
e-Business Risk
ManagementCIOKelompok
7Presented byNia KurniasihNur BudiantoS Dedi NirtadinataS Enggo Widodo
-
8/3/2019 Risk Management for E-Business
2/33
4/30/12
Scope
22
-
8/3/2019 Risk Management for E-Business
3/33
4/30/12
Definition
Risk
The possibility of meeting danger.Can negatively impact or positive.
Management
The process ofdealing with orcontrolling people or things
Business
The activity of making, buying,selling or supplying things
e-Business = ?
Source: OxfordDictionary
33
-
8/3/2019 Risk Management for E-Business
4/33
4/30/12
e-Business Model
Electronic Business usingInformation Technology (internet)
44
-
8/3/2019 Risk Management for E-Business
5/33
4/30/12
e-Business Model
=
Using IT to buy andsell goods andexchange services
electronically
serves a broader term, allforms of businessconducted usingelectronic data
transmission for
X
55
-
8/3/2019 Risk Management for E-Business
6/33
4/30/12
The Technology of e-BusinessProtocols
TCP/IP
HTTP
Software
Web browser
Firefox, Chrome, Safary, etc..
Hardware
Web server
66
-
8/3/2019 Risk Management for E-Business
7/33
4/30/12
The Technology of e-BusinessHTML
Formatting language thatpresentation of information over the
World Wide Web (WWW)XML
Language that enable the
transmission and manipulation ofinformation across the Internetnetwork
77
-
8/3/2019 Risk Management for E-Business
8/33
4/30/12
Samples of e-Business
e-Banking Services
e-Shopping
e-Hotele-Ticket
e-Logistics
e-Learning
e-Gambling
88
-
8/3/2019 Risk Management for E-Business
9/33
4/30/12
Why We Need e-BusinessRisk Management?Control or minimize risks
Internet bring new set of risks
e-Business model evolutionBased on statistics
Over 30% of projects are cancelled
before completion Over 50% of projects cost 100% or
more than their original estimates
Only 16% of software projects are 99
-
8/3/2019 Risk Management for E-Business
10/33
4/30/12
e-Business ModelEvolutionBusiness isgoing to
change more inthe next tenyears than it
has in the lastfifty.
BillGates
1010
-
8/3/2019 Risk Management for E-Business
11/33
4/30/12
e-Business ModelEvolution
1111
-
8/3/2019 Risk Management for E-Business
12/33
4/30/12
e-Business Risk
1212
-
8/3/2019 Risk Management for E-Business
13/33
4/30/12
Privacy andConfidentialityPrivacy concert protection to
proprietary information incl.personal and exchange or
transactionConfidentiality is similar to
privacy but focuses on
information specifically designedto be confidential or secret
1313
-
8/3/2019 Risk Management for E-Business
14/33
-
8/3/2019 Risk Management for E-Business
15/33
4/30/12
Internet Tracking Tools
Logs a file contain a record eachtime a users Web browser viewsan Internet page
Cookies are pieces of data placedin a browsers memory
1515
-
8/3/2019 Risk Management for E-Business
16/33
4/30/12
Security Risk
System penetration
Authorisation violation
Trojan HorseCommunications
monitoring(Spoofing)
DoSRepudiation
1616
-
8/3/2019 Risk Management for E-Business
17/33
4/30/12
System Availability andReliabilityServer down
Failure on processing transaction
1717
-
8/3/2019 Risk Management for E-Business
18/33
4/30/12
Transaction Integrity
System processing is complete,accurate, timely, and authorized
Transaction integrity Risk
Spoof
Scam
1818
-
8/3/2019 Risk Management for E-Business
19/33
4/30/12
The e-Business ProjectRisk ModelContent Delivery Risk
Technology Risk
Organization RiskResource Risk
Market Risk
Project Risk
1919
-
8/3/2019 Risk Management for E-Business
20/33
-
8/3/2019 Risk Management for E-Business
21/33
4/30/12
1. Risk Planning
Define risk management processto needs of Project
Four stages to risk management
planning Risk identifier
Risk analysis
Risk handling/response
Risk monitoring
Output : Risk Management Plan 2121
-
8/3/2019 Risk Management for E-Business
22/33
4/30/12
2. Risk Identification
Identification and name the risks
Find the cause of the situation
Business users no available
Server attacked by DoS
Etc..
Find the impact of risks Budget will be expected
Server down
Out ut: Risk Identification 2222
-
8/3/2019 Risk Management for E-Business
23/33
4/30/12
3. Risk Analysis
Determine the probability ofchance occurrence of the risk
Determine consequence of each
risk using ordinal scales found inthe Risk Management Plan
Output : Risk Analysis Record
2323
-
8/3/2019 Risk Management for E-Business
24/33
4/30/12
4. Risk Handling/Response
Define mitigation plan to respondto each risk
Estimate required resources
Output : Risk Handling Plan
2424
-
8/3/2019 Risk Management for E-Business
25/33
4/30/12
4. Risk Handling/Response
There are four things you can doabout a risk.
Avoid the risk
Transfer the risk
Mitigate the risk
Accept the risk
2525
-
8/3/2019 Risk Management for E-Business
26/33
4/30/12
5. Risk Monitoring
Track & control progress inperforming risk handling plans
Risk Handling Plan progress is
tracked and updated monthly
Continually monitoring risk toidentify any change in the status
Output :
Risk Status Report
Prioritized Risk List 2626
-
8/3/2019 Risk Management for E-Business
27/33
4/30/12
Risk Management ProcessFlow
2727
-
8/3/2019 Risk Management for E-Business
28/33
4/30/12
Challenges for e-BusinessRisk ManagementDealing with multiple stakeholder
groups
Understanding of stakeholder
requiretments
Meeting / managing stakeholderexpectations of systems
functionality and availability
Finding project managers withappropriate skill sets
M n in wi r r n f 2828
-
8/3/2019 Risk Management for E-Business
29/33
4/30/12
The Role of IS Auditors
InvolvementDirectly in Project Management Team and/or
Indirectly in Project Steering
Committee
Analysis
Cost
Return
Potential financial implications
Contract terms 2929
-
8/3/2019 Risk Management for E-Business
30/33
4/30/12
The Role of IS Auditors
Security and risk management Setting security objectives
Identifying threats
Providing advice on feasiblesolutions
Developing incident response
capability
3030
-
8/3/2019 Risk Management for E-Business
31/33
4/30/12
The Role of IS Auditors
Monitoring User Requiretments
Security and Controls
Testings
Documentation
3131
-
8/3/2019 Risk Management for E-Business
32/33
4/30/12
Final Thought
Cost Risk
Potential
Problem
Value-
added
3232
-
8/3/2019 Risk Management for E-Business
33/33
4/30/12
Best Practice
NASA (National Aeronautics andSpace Administration)
http://www.hq.nasa.gov/office/codeq/
risk/
Harvard University
http://vpf-
web.harvard.edu/rmas/index.html
33