The hottest risk is greater than information secur

  • Detail

Greater risks than information security

with the prevalence of viruses and the rampant hackers in recent years, information security risks have been recognized and valued by more and more enterprises, and the importance of information security has been widely recognized and valued. With the acceptance of the equipment information safety demonstration project of measuring torque by power information in Jiangsu electric power company, the power industry has found a set of effective solutions to deal with safety risks to a certain extent, but in the management of informatization, there are still some "habitual violations" of information management, such as the unit price of ordinary users in Thailand this year also exceeded 50000 dollars, and important basic data are stored on the device, Data backup is not carried out according to the standard data backup strategy, which is easy to cause data loss and data leakage. The loss caused by data leakage changes with the impact of data on enterprise operation, and the size of data loss changes with the integrity of data, the time range of data and the scope of business. Different losses should adopt different risk coping strategies. There are many articles about information security risks and their countermeasures, which will not be discussed here. What we want to say here is that in the enterprise informatization work, there are other four risks that have a more far-reaching impact than information security risks

the risk of informatization is policy risk first. For state-owned enterprises such as power generation enterprises, power system reform is a great policy risk. Recently, the electric weekly of China Power News reported that Fujian Huadian investment company is preparing to implement the three-year information construction plan, which includes seven main application systems that are basically applied in the existing power industry. The reform of the power system has greatly changed the attributes of many power generation enterprises. Different power groups have different degrees of informatization, different degrees of emphasis, and different strategies. It will have a great impact on the informatization investment of 54 power generation enterprises in the cement industry that were completed and put into operation in 2014, and may produce a lot of repeated investment. Policy risks cannot be avoided by the enterprise itself. The key is that the policy-making department should consider relevant factors and give guiding opinions to minimize the impact caused by policy factors

the risk of informatization is followed by the planning risk. Before the construction of enterprise informatization, we did make informatization work planning, but because of the difference between the planning level and the development of the enterprise, the investment direction in the early stage was wrong, resulting in the waste of informatization investment. Planning risks can be reduced by some methods, such as consulting companies and other methods, which can reduce the power of many processing and post-processing processes by using the experience of a third party, and can effectively avoid planning errors caused by their own lack of level; Through the construction strategy of "step-by-step implementation, slightly ahead of schedule", the loss of one-time investment can be reduced; By constantly revising the plan, we can improve the consistency between the plan and the enterprise development strategy, so as to reduce the impact of differences. Special attention should be paid to how to take into account the existing application system. The cost of developing a new system may not be large, but the cost of collecting the original data of the original system may be higher than the development cost of the system itself. In short, planning risks can be avoided or mitigated through the efforts of enterprises themselves. The key is for enterprises to recognize the risks of planning

the third risk of informatization is technology risk. The technical risk of informatization is mainly the risk brought by the rapid development of technology in the IT industry. The technology of IT industry is changing with each passing day. After three to five years, the original advanced equipment cannot meet the new application requirements, or even meet the new standards of the industry. The original manufacturer no longer produces spare parts. It is difficult to find spare parts, and even the original manufacturer no longer exists. The original operating system and application system software have become obsolete products, which have lost their universality and cannot be seamlessly connected with new technologies. The future development prospects of these technologies are difficult to predict to some extent, and it is difficult to avoid risks. No matter which enterprise is unable to fundamentally solve them. The appropriate method is "gradual update and continuous improvement", which can reduce the huge impact and loss caused by the sudden change of the system to a certain extent, especially the loss caused by the incompatibility of system data

the fourth risk of informatization is the risk of change. The management reform of enterprises themselves is also an important risk source of informatization. Due to the frequent changes in the organization of the enterprise, the needs of some application system development projects will change frequently. Although the current management information system emphasizes that it should be able to adapt to the management changes of the enterprise itself, the changes in responsibilities with the changes in the organization will lead to changes in the stakeholders of the application system development project with a long time span, causing the project to become a beard project. Many times, we will blame the beard project of an IT project on the inadequate IT project management. Of course, there are reasons in this regard, but the management reform of the enterprise itself is also a very important factor. Today is a period of continuous innovation and development of management. It is beyond reproach that enterprises adapt to the situation and constantly change. The key is to pay attention to the risks of change and adopt corresponding strategies when implementing change, so as to avoid the huge impact of management change on information work

in a word, there are many risks of informatization, among which information security risks have been widely recognized and valued. We should also fully realize the far-reaching impact of policy risks, planning risks, technical risks and management reform risks on enterprise informatization work, and we should not easily ignore them because they cannot be seen in a short time. After so many years of information work, it is time to re-examine these risks


Copyright © 2011 JIN SHI