Information Risk Assessment – Industry perspective with Sunil Bakshi
Edited by – Sristy Changkakoti
Safety is a myth,
Risk is the reality,
Fear is the mind killer.
“..Wells Fargo recently paid $185 million in penalties – the highest fine levied by the Consumer Financial Protection Bureau (CFPB)…”
“..Volkswagen has been hit with over 30 federal lawsuits and 40%+ decline in stock value, all stemming from the same source—poor Enterprise Risk Management…”
“..The recent Wendy’s data breach….Wendy’s is undoubtedly suffering reputational damage – hackers had extended access to customer names, card numbers, security verifications, and more…”
These are some of the best-known incidents to have shaken the business world so thoroughly that Risk Management and Assessment is now becoming a priority not only for executive decision makers but also for the developers on the bottommost rung of the authority ladder.
As future MBAs in IT we cannot stay ignorant of this issue as it happens on the frontlines; hence on 26th August, 2017, we were delighted to welcome Mr. Sunil Bakshi, along with Prof. Vidyavati Ramteke, to speak on ‘What constitutes an Industry Risk Assessment Process?’.
He started the talk with a few lines from the beautiful poem by Rudyard Kipling, ‘Six Honest Serving Men’:
I keep six honest serving-men
(They taught me all I knew);
Their names are What and Why and When
And How and Where and Who…
highlighting that risk analysis in industry begins only when you ask QUESTIONS. According to him, Risk is Common Sense and is handled mostly through communication, in which listening is the most important skill; therefore Risk Management is Common Sense Formalized.
Next he tackled the various terms related to Risk that most people use interchangeably, such as Risk Appetite, Risk Tolerance, Risk Capacity, Risk Owner, Risk Custodian and Risk Scenario, giving the famous example of Nick Leeson of Barings Bank, UK. Building on this, he explained Risk Management step by step: first identifying the sources of risk and building a Threat Profile, next assessing the vulnerabilities of the systems and network by way of penetration testing, and finally suggesting appropriate controls.
The need of the hour is Enterprise Risk Management, which he explored further by classifying a Business Module into Strategic, Market and Operational risk, all of which contain an element of IT Risk. He stressed the importance of a risk-aware culture and also cited various standards (ISO 27001, 27005, 31000), frameworks (e.g. FAIR) and risk controls that we should know as future managers.
Towards the end Mr. Bakshi shared a very important insight: most executive leaders don’t understand the technical terms we use, so to properly convey the risk status of the organization we use various ratings such as risk rating, impact rating and so on.
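To make the vocabulary from the talk concrete, here is a small risk-register script. It is an added illustration, not material from the post or from Mr. Bakshi; the 1–5 likelihood and impact scale, the rating bands, the reading of "risk tolerance" as a maximum accepted score per scenario, and all register entries are constructed assumptions. It ties a threat source and a vulnerability into a scenario, assigns a risk owner and custodian, scores each scenario, and produces the kind of rating-level summary that can be shown to executives instead of technical detail.

```python
"""Toy risk register illustrating the terms from the talk.

Added example, not from the original post or the speaker. The 5x5
likelihood x impact scale, the rating bands, the tolerance rule and
the sample scenarios are constructed assumptions for illustration.
"""
from dataclasses import dataclass, field

# Assumed qualitative scale: 1 (very low) .. 5 (very high) for both axes.
SCALE = range(1, 6)


def risk_rating(likelihood: int, impact: int) -> str:
    """Map a likelihood x impact score (1..25) to an executive-level rating.
    Bands are an assumption; organisations calibrate their own."""
    if likelihood not in SCALE or impact not in SCALE:
        raise ValueError("likelihood and impact must be integers 1..5")
    score = likelihood * impact
    if score >= 15:
        return "High"
    if score >= 8:
        return "Medium"
    return "Low"


@dataclass
class RiskScenario:
    """A 'scenario': a threat source exploiting a vulnerability of an asset."""
    name: str
    threat_source: str          # from the Threat Profile step
    vulnerability: str          # weakness found during assessment
    likelihood: int
    impact: int
    owner: str                  # risk owner: accountable for accepting or treating
    custodian: str              # risk custodian: operates the day-to-day control
    controls: list = field(default_factory=list)  # suggested treatments

    @property
    def score(self) -> int:
        return self.likelihood * self.impact

    @property
    def rating(self) -> str:
        return risk_rating(self.likelihood, self.impact)


def exceeds_tolerance(scenario: RiskScenario, tolerance: int) -> bool:
    """Assumed interpretation: tolerance is the highest single-scenario
    score management will accept without further treatment."""
    return scenario.score > tolerance


def executive_summary(register: list, tolerance: int) -> dict:
    """Summarise in rating terms (not technical ones) for leadership."""
    counts = {"High": 0, "Medium": 0, "Low": 0}
    above = []
    for scenario in register:
        counts[scenario.rating] += 1
        if exceeds_tolerance(scenario, tolerance):
            above.append(scenario.name)
    return {"counts": counts, "above_tolerance": sorted(above)}


# Constructed sample register (values are illustrative, not real assessments).
REGISTER = [
    RiskScenario("Card data exfiltration via POS malware", "organised crime",
                 "unpatched POS terminals", 4, 5, "CFO", "Retail IT",
                 ["patching", "network segmentation"]),
    RiskScenario("Unauthorised trading beyond limits", "insider",
                 "trader reconciles own positions", 2, 5, "Head of Trading",
                 "Back office", ["segregation of duties"]),
    RiskScenario("Phishing of staff credentials", "external attacker",
                 "no MFA on webmail", 5, 3, "CISO", "IT Ops",
                 ["MFA", "awareness training"]),
    RiskScenario("Laptop loss", "accidental", "unencrypted disks", 3, 2,
                 "CIO", "Desktop support", ["full-disk encryption"]),
]

if __name__ == "__main__":
    for s in REGISTER:
        print(f"{s.rating:6} {s.score:2}  {s.name}  (owner: {s.owner})")
    print(executive_summary(REGISTER, tolerance=12))
```

With the assumed tolerance of 12, two scenarios sit above it and would go to their risk owners for a decision; the summary reports only counts and names, which is the level of detail the talk suggested executives need.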
At the end a brief question-and-answer session was held, where questions on risk in general were asked and answered equally well by the speaker. Our own Prof. Vidyavati Ramteke felicitated Mr. Sunil Bakshi with a small memento from SCIT and shared her views on the topic.