risk management for e-business

Upload: dedinirtadinataalqudsy

Post on 07-Apr-2018


TRANSCRIPT

  • 8/3/2019 Risk Management for E-Business


    4/30/12

    e-Business Risk Management

    CIO

    Group 7

    Presented by Nia Kurniasih, Nur BudiantoS Dedi NirtadinataS Enggo Widodo


    Scope


    Definition

    Risk: The possibility of meeting danger. Can have a negative or positive impact.

    Management: The process of dealing with or controlling people or things

    Business: The activity of making, buying, selling or supplying things

    e-Business = ?

    Source: Oxford Dictionary


    e-Business Model

    Electronic Business using Information Technology (internet)


    e-Business Model

    =

    Using IT to buy and sell goods and exchange services electronically

    serves a broader term, all forms of business conducted using electronic data transmission for

    X


    The Technology of e-Business

    Protocols: TCP/IP, HTTP

    Software: Web browser (Firefox, Chrome, Safari, etc.)

    Hardware: Web server


    The Technology of e-Business

    HTML: Formatting language for the presentation of information over the World Wide Web (WWW)

    XML: Language that enables the transmission and manipulation of information across the Internet network


    Samples of e-Business

    e-Banking Services

    e-Shopping

    e-Hotel

    e-Ticket

    e-Logistics

    e-Learning

    e-Gambling


    Why We Need e-Business Risk Management?

    Control or minimize risks

    Internet brings a new set of risks

    e-Business model evolution

    Based on statistics:

    Over 30% of projects are cancelled before completion

    Over 50% of projects cost 100% or more than their original estimates

    Only 16% of software projects are


    e-Business Model Evolution

    Business is going to change more in the next ten years than it has in the last fifty.

    Bill Gates


    e-Business Model Evolution


    e-Business Risk


    Privacy and Confidentiality

    Privacy concerns the protection of proprietary information, incl. personal and exchange or transaction

    Confidentiality is similar to privacy but focuses on information specifically designed to be confidential or secret


    Internet Tracking Tools

    Logs: a file containing a record of each time a user's Web browser views an Internet page

    Cookies are pieces of data placed in a browser's memory


    Security Risk

    System penetration

    Authorisation violation

    Trojan Horse

    Communications monitoring (Spoofing)

    DoS

    Repudiation


    System Availability and Reliability

    Server down

    Failure on processing transaction


    Transaction Integrity

    System processing is complete,accurate, timely, and authorized

    Transaction integrity Risk

    Spoof

    Scam


    The e-Business Project Risk Model

    Content Delivery Risk

    Technology Risk

    Organization Risk

    Resource Risk

    Market Risk

    Project Risk


    1. Risk Planning

    Define risk management process to needs of project

    Four stages to risk management planning:

    Risk identification

    Risk analysis

    Risk handling/response

    Risk monitoring

    Output: Risk Management Plan


    2. Risk Identification

    Identify and name the risks

    Find the cause of the situation

    Business users not available

    Server attacked by DoS

    Etc.

    Find the impact of risks

    Budget will be expected

    Server down

    Output: Risk Identification


    3. Risk Analysis

    Determine the probability of chance occurrence of the risk

    Determine consequence of each risk using ordinal scales found in the Risk Management Plan

    Output : Risk Analysis Record


    4. Risk Handling/Response

    Define mitigation plan to respond to each risk

    Estimate required resources

    Output : Risk Handling Plan


    4. Risk Handling/Response

    There are four things you can do about a risk.

    Avoid the risk

    Transfer the risk

    Mitigate the risk

    Accept the risk


    5. Risk Monitoring

    Track & control progress in performing risk handling plans

    Risk Handling Plan progress is tracked and updated monthly

    Continually monitoring risk to identify any change in the status

    Output:

    Risk Status Report

    Prioritized Risk List


    Risk Management Process Flow


    Challenges for e-Business Risk Management

    Dealing with multiple stakeholder groups

    Understanding of stakeholder requirements

    Meeting / managing stakeholder expectations of systems functionality and availability

    Finding project managers with appropriate skill sets

    M n in wi r r n f


    The Role of IS Auditors

    Involvement

    Directly in Project Management Team and/or

    Indirectly in Project Steering Committee

    Analysis

    Cost

    Return

    Potential financial implications

    Contract terms


    The Role of IS Auditors

    Security and risk management

    Setting security objectives

    Identifying threats

    Providing advice on feasible solutions

    Developing incident response capability


    The Role of IS Auditors

    Monitoring User Requirements

    Security and Controls

    Testing

    Documentation


    Final Thought

    Cost Risk

    Potential

    Problem

    Value-added


    Best Practice

    NASA (National Aeronautics and Space Administration)

    http://www.hq.nasa.gov/office/codeq/risk/

    Harvard University

    http://vpf-web.harvard.edu/rmas/index.html