Spoke to Gill 8th January 2015
She said that after the Y2000 bug when nothing happened a lot of CFO's think that IT people cry wolf on the risk. I pointed out that this is one of the problems with ICT no-one really knows everything about the system but mostly the system just keeps going (until it doesn't).
She said the main issues were:
To identify what level of IT Infrastructure the organisations wants.
Need a practical way to quantify the risks. so need a way to
- Identify a risk.
- Identify the consequences of a risk occurring.
- What is the probability of the risk occurring.
- How easy would it be to recover from the event.
- What remedial work is required and cost of this work (gap analysis)
The problem is that we have a lot of mechanisms of doing that in ICT - why haven't they found acceptance with management.
She said at ANZCO Foods when the network or systems are down the whole kill chain must stop because information systems has become so integrated with their organisational processes.
One of the problems is that we don't tend to quantify the level of risk in terms of money but rather time based measures such as Mean Time Between Failures.(MTBF).
We need some kind of framework to identify mission critical systems and then quantify the impact of an outage.
My thoughts are that as organisations move toward cloud based solutions they are going to consider that they have outsourced their IT management issues and deskill their IT support staff. However their network will become even more critical to the organisation.
