WHITEPAPER - Risk Reduction Through Proactive Problem Management
Chris Hodder
ITSM hosting and enterprise service management consultant | IT asset management strategies, toolset implementation and integration, and technology that aligns with your business goals to deliver maximum value and ROI
Introduction
I have a suspicion that out of all the ITIL v3 processes it is the Problem Management process that is least understood. In part, I believe this is due to an entrenched view that exists in most IT organisations that problem management is basically the same as, or subordinate to, incident management. This is wrong, as problem management has a wider role to play. First, it is important to realise that problem management is as closely allied to risk management as it is to incident management.
Where problem management deals with existing problems, risk management deals with identifying future problems.
Clearly, a synergy exists between the two functions. Why is this important? To answer this question, we must first understand the role of IT risk management.
What is IT Risk Management?
Today, more than ever, there exist many high-profile IT risks that if not handled correctly can damage the reputation of the company – I’m referring here to the security risks of cyberattacks.
If you think this might be an exaggeration, then I can do no better than quote from the 2018 Second Annual Report from the UK National Cyber Security Centre (NCSC)¹. It states that:
“Since it became fully operational in 2016, the NCSC’s cyber security front line has provided support on 1,167 cyber incidents – including 557 in the last 12 months. The report reveals most of the attacks against the UK are carried out by a hostile nation state”.
Note that this statistic refers to a ‘hostile nation state’ – so we are not just talking about criminals deploying ransomware or amateur hackers going phishing (annoying as they are) – these cyberattacks are an order of magnitude more serious as they target UK government institutions and infrastructure.
I suspect it is not going to get much better in the future. This raises a further question – are companies prepared to meet these security issues?
The UK Government’s recent Cyber Governance Health Check² found that:
‘Only a third of the UK’s top 350 businesses understand the threat of a cyberattack’
And, according to the Minister for the Digital Economy – ‘too many firms are losing money, data and consumer confidence with the vast number of cyberattacks. It’s crucial that businesses are secure and can protect data’.
So how does this relate to Problem Management?
As mentioned previously, problem management deals with current problems and risk management addresses future problems; i.e. they both address vulnerabilities – internal and external.
As the overarching purpose in an IT organisation is the integrity of service delivery, it is critical that the key functions of IT risk management, IT security and IT systems architecture are better aligned with the function of problem management. Together, these functions will form the basis of a much stronger ‘core’ to identify and reduce the system vulnerabilities that can result in system downtime.
To achieve this, problem management must be re-positioned in a more central role in an IT organisation, and I will revisit this re-positioning in more detail later in this paper.