Risk Identification and Assessment

Data Risk Management – Applying a Holistic Approach

Due to the increasing costs associated with protecting and maintaining data, a holistic approach to data risk management is becoming essential to organizations. A white paper published by IBM discusses the framework and practices involved in using a holistic approach for implementing data risk management programs across organizations.

Reliable, secure data can be lost in a variety of ways, from a missing laptop to natural disasters that destroy data centers and other electronic data storage facilities. More organizations are realizing the need to focus explicitly on data risk management, which helps them build a complete risk picture of the data they protect and highlights areas where negative risks can be mitigated and positive risks can be leveraged. Effective data risk management requires processes and procedures to coordinate the effort across the entire organization.

The IBM white paper highlights how past approaches to data risk management have focused on reacting to negative risks, such as hacking and system failures. However, this method of compartmentalizing risks is not as effective as business-oriented, holistic approaches. With a holistic approach, data risk policies and procedures should be built into business systems and processes to make data risk management more transparent. Also, to optimize data management, data should be prioritized in order of importance and redundancies should be eliminated. A good data risk management program should address the risks inherent when data is at rest in storage, in motion on the network, and in use on the desktop.

Additionally, the white paper states that data risk management standards and practices should:

  • Define the scope of risk analysis based on infrastructure and technology,
  • Identify and define threats and risks,
  • Assess the likelihood of occurrence and impact of risks,
  • Evaluate the quality of existing controls,
  • Assess risks and determine responses,
  • Develop, test, and implement plans for risk treatment,
  • Provide ongoing monitoring and feedback, and
  • Address the opportunities identified.

Original Article Source: “Taming the Data Demons: Leveraging Information in the Age of Risk”, IBM, September 2010