Many large and medium-sized businesses have the interesting problem of understanding and inventorying the various applications in use across diverse regions and departments. Without a clear understanding of how these applications are being used, who owns them, what type of data is stored inside, and how each application is managed, the ability of CIOs and management to assess risk is greatly handicapped.
How to Manage Application Risk
Here are a few steps to get moving in the right direction:
1. Application Inventory: First, management has to have an accurate inventory of the applications in use throughout the organization as well as a few basic details. I usually inspect various system listings, perform interviews, and observe the applications themselves to paint a clear picture of the Company’s application environment.
2. Risk Score: Once you have a clear picture of all of the applications in your environment, you can develop a risk scoring system. I typically try to think through the different factors that may create risk in each application, assign a weighted score, and enter the relevant data. If you are tech-savvy, you can even automate this process.
3. Project Selection: Now that you have a full inventory of applications and understand the associated risk of each application, you can use this information to drive project selection and the dedication of internal resources and budget.
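One way to automate the scoring in step 2 and feed the ranking into step 3, as an added example that is not the author's own tooling: the factor names, weights and levels are assumptions chosen for illustration, and the inventory is constructed. Missing inventory details are scored as the worst case, so gaps left over from step 1 raise an application's rank instead of hiding it.

```python
# Added example. Factor names, weights and levels are assumptions, not from the article.
# Weights sum to 10 and levels run 0-10, so scores land on a 0-100 scale.
WEIGHTS = {"data": 4, "management": 3, "owner": 2, "usage": 1}

LEVELS = {
    "data": {"public": 0, "internal": 4, "personal": 8, "financial": 10},
    "management": {"central-it": 0, "department": 5, "unmanaged": 10},
    "owner": {"named": 0, "shared": 5},
    "usage": {"team": 2, "department": 5, "company-wide": 10},
}
UNKNOWN = 10  # a missing or unrecognised detail is scored as the worst case


def score(app):
    """Return (weighted score 0-100, factors with missing inventory data)."""
    total, gaps = 0, []
    for factor, weight in WEIGHTS.items():
        level = LEVELS[factor].get(app.get(factor))
        if level is None:
            gaps.append(factor)
            level = UNKNOWN
        total += weight * level
    return total, gaps


def rank(inventory):
    """Highest-risk applications first, as input to project selection."""
    rows = [(app["name"], *score(app)) for app in inventory]
    return sorted(rows, key=lambda row: row[1], reverse=True)


# Constructed sample inventory; two entries are deliberately incomplete.
INVENTORY = [
    {"name": "payroll", "data": "financial", "management": "central-it",
     "owner": "named", "usage": "department"},
    {"name": "wiki", "data": "internal", "management": "central-it",
     "owner": "shared", "usage": "company-wide"},
    {"name": "legacy-crm", "data": "personal", "management": "unmanaged",
     "usage": "department"},
    {"name": "dept-tool", "usage": "team"},
]

if __name__ == "__main__":
    for name, points, gaps in rank(INVENTORY):
        print(f"{name:12} {points:3}  missing: {', '.join(gaps) or '-'}")
```

The barely documented `dept-tool` ranks above the payroll system here, which is the intended effect: an application nobody can describe is treated as a risk until the inventory says otherwise.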
Am I missing anything? How are you managing application risk?