IT Portfolio Risk


  • 8/6/2019 IT Por to Folio Risk


    • Service delivery in abnormal circumstances: interim measures may include relocation of services to another site or utilisation of spare equipment (often training or test servers). This is a temporary measure to provide a limited service until normal service can be resumed.

    • Normal service resumption: returning to the usual service, fail-back from the abnormal service delivery.

    Example:

    A server outage caused chaos in student admissions. The disruption of the online New Student Admissions (Penerimaan Peserta Didik Baru, PPDB) process in DKI Jakarta caused an uproar among parents and also became headline news in various media. The parties involved gave explanations for the incident. The Head of the DKI Education Office, speaking before Commission E of the DKI DPRD, stated that the cause was damage to a computer server.

    3. INFORMATION ASSETS

    An Information Asset is organized Information that is valuable and easily accessible to those who need it. Information Assets comprise a wide range of corporate product, service and process information.

    Ten Characteristics of an Information Asset

    1. An Information Asset is any organized documentation or data incorporated into a communication structure that empowers the organization to have a better chance of reaching its goals.

    2. An Information Asset is created by organizing Information to resolve an important issue in the organization.

    3. An Information Asset may exist entirely within a single department or may be spread across the entire organization.

    4. An Information Asset may be part of an Enterprise Application or may be entirely separate.

    5. An Information Asset may be an organized and maintained data archive.

    6. An Information Asset may be as simple as a monthly updated spreadsheet on a shared network drive or as complex as a development project ROI dashboard updated on a weekly basis.

    7. An Information Asset increases in value according to the number of people able to make gainful use of the Information.

    8. An Information Asset increases in value according to the amount of information it aggregates.

    9. An Information Asset increases in value according to the amount of analysis it performs converting low level Information into more refined Information.

    10. An Information Asset is maintained by people working in a consistent and cooperative manner.

    Examples of Information Assets

    End User (external) Information Assets


    • Modular and archived Product manuals
    • Modular and archived Service manuals
    • Modular and archived Installation guides
    • Modular and archived Update guides
    • Archived Software developers kits (SDKs)
    • Archived Application Programming Interfaces (APIs)
    • Customer Service Information Platform
    • Product Information Platform
    • Service Information Platform

    End User (internal) Information Assets

    • Product Information templates and database
    • Service Information templates and database
    • Customer Information templates and database
    • Automated data analysis
    • Tracking Information Platform
    • Custom Information Dashboard

    Business Process Information Assets

    • Process maps
    • Process database
    • NPI process templates
    • Engineering Change archive
    • ECR and ECO documentation
    • Root Cause Analysis documentation
    • Project Collaboration Information Platform
    • Project Status Information Dashboard

    Client Staff Information Assets (training, participation and execution)

    • Data capture meetings
    • Cross-department information compilation
    • Cross-department information exchange mechanisms
    • Information/Decision/Action structures
    • Customer status Dashboard
    • Closed-loop process structures

    Sony deactivated the PlayStation network and the Qriocity digital music service, citing an external disruption. At that time, it turned out, the PlayStation network and Qriocity were being ransacked by hackers, which resulted in the breach of 77 million user identities across both networks, such as e-mail addresses, dates of birth and passwords.

    RSA Security (March 2011)


    The worst (and most ironic) data breach cases happen when a security company is hacked. Antivirus and security software developers Kaspersky and Symantec were victimized several times in March 2011.

    One of the biggest players, RSA Security, found its sensitive and highly confidential internal database breached. The RSA breach was significant because RSA technology is used to secure thousands of other systems, and now hackers know how to access them.

    4. Service providers and vendors

    A service provider is a business that supplies expert care or specialized services rather than an actual product. The term is usually saved for companies related to communication or technology, such as mobile phone companies or Internet service providers. Other service-related businesses, such as banks or mechanics, rarely are called a service provider, even though the name would fit. It is common for companies in this field to provide subscriptions for their clients rather than work through single sales.

    Example:

    Mars Orbiter Crashes

    The contractor given responsibility for planning NASA's navigation system obtained the software maker's specifications. But instead of using the metric system, the contractor took its measurements in imperial units. As a result, the spacecraft crashed into Mars, at a loss of more than US$125 million.

    5. APPLICATION, FLAKY SYSTEM

    This risk class deals with failures in the IT applications. Applications are typically systems that users interact with and in most organizations will be a combination of package software and customized software that will to some extent be integrated together. Applications are hosted and run on infrastructure: some infrastructure is shared with other applications and some infrastructure is dedicated to running a single application. We deal with infrastructure risk as our next class, understanding that for many IT people a system consists of an application and some infrastructure.

    Explosion of the Ariane 5

    The engine of this satellite was far faster than previous models but had a software bug that had not been noticed before. The satellite was launched and, after 36.7 seconds in the air, abruptly destroyed itself and turned into a magnificent fireball. The cost of building the satellite was estimated at US$8 billion, and it was carrying a payload worth US$500 million when it was destroyed.

    It turned out that the cause of the failure was a software error in the inertial reference system. Specifically, a 64-bit floating point number relating to the rocket's horizontal velocity with respect to the platform was converted to a 16-bit integer, so the conversion failed.
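The failure mode described above, a 64-bit float narrowed to a 16-bit signed integer, can be guarded with an explicit range check. The following is an added example, not code from the original document or from the flight software; the function name, status codes and sample values are assumptions made for illustration.

```c
#include <math.h>
#include <stdint.h>
#include <stdio.h>

/* Result of a checked narrowing conversion (illustrative names). */
typedef enum { CONV_OK, CONV_OVERFLOW, CONV_UNDERFLOW, CONV_NAN } conv_status;

/*
 * Convert a 64-bit float to a 16-bit signed integer without ever executing
 * an out-of-range cast. In C, (int16_t)x for x outside the target range is
 * undefined behaviour; other languages may raise an unhandled exception.
 * On failure *out is saturated (0 for NaN), so the caller always has a
 * defined value and an explicit status to act on.
 */
conv_status double_to_i16(double x, int16_t *out)
{
    if (isnan(x)) { *out = 0; return CONV_NAN; }
    /* The cast truncates toward zero, so anything strictly between
     * INT16_MIN - 1 and INT16_MAX + 1 lands inside the target range. */
    if (x >= (double)INT16_MAX + 1.0) { *out = INT16_MAX; return CONV_OVERFLOW; }
    if (x <= (double)INT16_MIN - 1.0) { *out = INT16_MIN; return CONV_UNDERFLOW; }
    *out = (int16_t)x;
    return CONV_OK;
}

int main(void)
{
    /* Constructed sample values, not flight data. */
    const double samples[] = { 1200.7, 32767.9, 32768.0, -40000.0, NAN };
    static const char *names[] = { "ok", "overflow", "underflow", "nan" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int16_t v;
        conv_status s = double_to_i16(samples[i], &v);
        printf("%10.1f -> %6d (%s)\n", samples[i], v, names[s]);
    }
    return 0;
}
```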


    6. Infrastructures, shaky foundation

    This risk class deals with failures in the IT infrastructure. Infrastructure is the generic name for the various centralized and distributed computer and network resources upon which applications are hosted and run. Also included within the definition of infrastructure is platform software such as operating systems and database management systems.

    Example:

    ERP Implementation Failure At HP

    The reason proposed was due to the problem faced during the migration to the centralized ERP system.

    ERP MIGRATION FAILURE

    The following are the causes of the migration failure:

    a) Project Team Constitution
    b) Data Integration Problem
    c) Demand Forecasting Problems
    d) Poor Planning & Improper Testing (Risk no 7)
    e) Inadequate Implementation Support/Training

    7. Strategic and emergent, disabled by IT

    According to Rosemary Cafasaro in O'Brien (1999), there are several reasons behind the success or failure of information system implementation within a company. Factors that can cause failure in information system implementation are a lack of support from executive management and of input from end users, incomplete and constantly changing statements of requirements and specifications, and technological incompetence.

    This risk class deals with the IT capability letting down execution of the business strategy. Impacts are not immediate but will be significant in the business planning horizon and beyond.

    Example:

    Hershey's ERP Implementation Failure

    Based on these scheduling demands, cutover was planned for July of 1999. This go-live scheduling coincided with Hershey's busiest periods - the time during which it would receive the bulk of its Halloween and Christmas orders. To meet the aggressive scheduling demands, Hershey's implementation team had to cut corners on critical systems testing phases. When the systems went live in July of 1999, unforeseen issues prevented orders from flowing through the systems. As a result, Hershey's was incapable of processing $100 million worth of Kiss and Jolly Rancher orders, even though it had most of the inventory in stock.

    It first tried to squeeze a complex ERP implementation project into an unreasonably short timeline. Sacrificing due diligence for the sake of expediency is a sure-fire way to get caught.

    Hershey's made another critical scheduling mistake - it timed its cutover during its busy season. It was unreasonable for Hershey's to expect that it would be able to meet peak demand when its employees had not yet been fully trained on the new systems and business processes. Even in best-case implementation scenarios, companies should still expect performance declines because of the steep learning curves.

    Understanding relationships between IT risk classes


    REFERENCES

    http://m4ulidi4n.blogspot.com/2009/01/mengapa-proyek-ti-gagal.html

    http://sosbud.kompasiana.com/2010/07/06/server-down-benarkah-penyebab-kekacauan-penerimaan-murid/

    http://www.informationassetdevelopment.com/what.html?page=21

    http://www.kabarsaham.com/2011/data-konsumen-jebol-sony-minta-maaf.html

    http://www.kabarsaham.com/2011/inilah-5-pembobolan-privasi-digital-terburuk.html

    http://www.wisegeek.com/what-is-a-service-provider.htm