IT Complexity, Risk, and Resilience
- Tuesday, 04/04/2017: 10:45 AM - 11:45 AM
- Room: 515B
- Session Number:
We live in a technology-driven world. Every possible business process has been automated, to the point where Information Technology is deeply embedded in the operating fabric of the organization. The modern organization is now highly dependent on information technology. Simultaneously, and quite unintentionally, new and quite significant exposures have been created through a combination of the technology’s complexity, its enmeshed interdependence, and its brittle infrastructure. These deceptive new exposures have oozed into every layer of the organization and across every market segment. Today, therefore, even a brief disruption to IT could significantly reduce the ability of an organization to implement its intended strategy. Moreover, the likelihood that an organization will experience a disruption to IT is far greater than that of any business interruption caused by a disaster or ‘black swan’ event.
The “Big Question” is how to optimize scarce resources today to achieve the greatest reduction in future losses. The Big Question has two components: (1) which risks are the serious ones and (2) what are the optimal risk-reduction actions. The real problem for ‘traditional’ approaches like the Business Impact Analysis (BIA) and qualitative High-Medium-Low risk analysis is not that they are wrong, but that they offer no guidance on how to improve the situation. These traditional methods offer little advice for answering the Big Question. In fact, they can be dysfunctional. The unintended consequence of these outdated methods has been that the operational aspects of IT have been systematically neglected. This might be the biggest blunder in business today.
This session will present the rudiments of an economic loss-expectancy (LE) risk model that answers two very important questions:
- Which risks are the serious ones, and
- What are the optimal risk-reduction actions
It will show how this model economically quantifies operational risk to identify the serious and salient risks and, more importantly, provides the ‘cause-and-effect’ correlation needed to rationally evaluate the risk-reduction tradeoffs essential to deliver competitive advantage.