
1. Project Fail

This class of risk is concerned with IT projects failing, considering both designated IT projects and business projects with a significant and critical IT component.

New air traffic system already obsolete: National Air Traffic Services (Nats) is already looking at replacing the systems at its new control centre at Swanwick in Hampshire, even though the system doesn't become operational until next week. Now running six years late and 180m over budget, the system will control 200,000 square miles of airspace over England and Wales, looking after two million flights a year. It will finally go live on 27 January. But long-term planners are already looking at replacing the systems. Swanwick was originally meant to be operational by 1997, but problems with the development of software by Lockheed Martin caused delays, according to Nats.

2. IT service continuity

IT service continuity addresses the IT aspect of business continuity. In today's economy, business processes increasingly rely on information and communication technology (ICT) and electronic data (e-data). ICT systems and e-data are, therefore, crucial components of the processes, and their safe and timely restoration is of paramount importance. If such systems are disrupted, an organisation's operations can grind to a halt. If the interruption is serious enough, and no risk management planning has occurred, a firm may even go out of business.

In summary, the IT Service Continuity Plan should typically contain the following information:

- Details of the combined component Recovery Time Objective and Recovery Point Objectives and inclusion of the IT Requirements Gap Analysis
- IT Architecture
- Roles and Responsibilities
- Invocation Procedures
- Damage Assessment
- Escalation and process flow charts
- Detailed procedures specifying how to recover each component of the IT system
- Test Plans specifying how to test that each component has been recovered successfully
- Incident Logs
- Contact Details
- Fail-back procedures
- IT Test Plan

These plans detail the four stages:

- Initial response: damage assessment and invocation of the appropriate incident management teams.
- Service recovery: this may be staged and offer a degraded service.
- Service delivery in abnormal circumstances: interim measures may include relocation of services to another site or utilisation of spare equipment (often training or test servers). This is a temporary measure to provide a limited service until normal service can be resumed.
- Normal service resumption: returning to the usual service, fail-back from the abnormal service delivery.

Example: Server down causes chaos in student admissions. The chaos surrounding the online New Student Admission (PPDB) process in DKI Jakarta caused an uproar among parents and also made headlines in various media. The various parties involved gave explanations for the incident. The Head of the DKI Education Office, speaking before Commission E of the DKI DPRD, stated that the cause was damage to the computer server.

3. INFORMATION ASSETS
An Information Asset is organized Information that is valuable and easily accessible to those who need it. Information Assets comprise a wide range of corporate product, service and process information.

Ten Characteristics of an Information Asset

1. An Information Asset is any organized documentation or data incorporated into a communication structure that empowers the organization to have a better chance of reaching its goals.
2. An Information Asset is created by organizing Information to resolve an important issue in the organization.
3. An Information Asset may exist entirely within a single department or may be spread across the entire organization.
4. An Information Asset may be part of an Enterprise Application or may be entirely separate.
5. An Information Asset may be an organized and maintained data archive.
6. An Information Asset may be as simple as a monthly updated spreadsheet on a shared network drive or as complex as a development project ROI dashboard updated on a weekly basis.
7. An Information Asset increases in value according to the number of people able to make gainful use of the Information.
8. An Information Asset increases in value according to the amount of information it aggregates.
9. An Information Asset increases in value according to the amount of analysis it performs converting low level Information into more refined Information.
10. An Information Asset is maintained by people working in a consistent and cooperative manner.

Examples of Information Assets

End User (external) Information Assets

- Modular and archived Product manuals
- Modular and archived Service manuals
- Modular and archived Installation guides
- Modular and archived Update guides
- Archived Software developers kits (SDKs)
- Archived Application Programming Interfaces (APIs)
- Customer Service Information Platform
- Product Information Platform
- Service Information Platform

End User (internal) Information Assets

- Product Information templates and database
- Service Information templates and database
- Customer Information templates and database
- Automated data analysis
- Tracking Information Platform
- Custom Information Dashboard

Business Process Information Assets

- Process maps
- Process database
- NPI process templates
- Engineering Change archive
- ECR and ECO documentation
- Root Cause Analysis documentation
- Project Collaboration Information Platform
- Project Status Information Dashboard

Client Staff Information Assets (training, participation and execution)

- Data capture meetings
- Cross-department information compilation
- Cross-department information exchange mechanisms
- Information/Decision/Action structures
- Customer status Dashboard
- Closed-loop process structures

Sony shut down the PlayStation network and the Qriocity digital music service, citing an external disruption. At that time, as it turned out, the PlayStation network and Qriocity were being ransacked by hackers, which resulted in the breach of 77 million user identities from the two networks, including e-mail addresses, dates of birth and passwords.

RSA Security (March 2011)

The worst (and most ironic) data breaches happen when a security company itself is compromised. Antivirus and security software developers Kaspersky and Symantec fell victim several times in March 2011. One of the biggest players, RSA Security, found that its sensitive and highly confidential internal database had been breached. The RSA breach is significant because RSA technology is used to secure thousands of other systems, and hackers now know how to access them.

4. Service providers and vendors

A service provider is a business that supplies expert care or specialized services rather than an actual product. The term is usually reserved for companies related to communication or technology, such as mobile phone companies or Internet service providers. Other service-related businesses, such as banks or mechanics, are rarely called service providers, even though the name would fit. It is common for companies in this field to provide subscriptions for their clients rather than work through single sales.

Example: Mars Orbiter Crashes

The contractor given responsibility for planning NASA's navigation system obtained the software maker's specifications. But instead of using the metric system, the contractor took its measurements in imperial units. As a result, the spacecraft crashed into Mars, at a loss of more than US$125 million.

5. APPLICATION, FLAKY SYSTEM

This risk class deals with failures in the IT applications. Applications are typically systems that users interact with, and in most organizations they will be a combination of package software and customized software that is to some extent integrated. Applications are hosted and run on infrastructure: some infrastructure is shared with other applications and some is dedicated to running a single application. We deal with infrastructure risk as our next class, understanding that for many IT people a system consists of an application and some infrastructure.

Explosion of the Ariane 5


The engine of this satellite was far faster than previous models but had a software bug that had gone unnoticed. The satellite was launched and, after 36.7 seconds in the air, it abruptly self-destructed and turned into a magnificent fireball. The cost of building the satellite was estimated at US$8 billion, and it was carrying a payload worth US$500 million when it was destroyed. It turned out that the cause of the failure was a software error in the inertial reference system. Specifically, a 64-bit floating point number relating to the horizontal velocity of the rocket with respect to the platform was converted to a 16-bit integer, and the conversion failed.
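The narrowing conversion described above, as an added C example (not from the original page and not the Ariane flight software): a range-checked conversion from a 64-bit float to a 16-bit signed integer that reports out-of-range input instead of failing. The function names, the status enum and the sample values are assumptions made for illustration.

```c
#include <math.h>
#include <stdint.h>
#include <stdio.h>

/* Outcome of a checked narrowing conversion (hypothetical names). */
typedef enum { CONV_OK, CONV_OVERFLOW, CONV_UNDERFLOW, CONV_NAN } conv_status;

/* Convert a 64-bit float to int16_t only if the truncated value fits.
 * A plain (int16_t)x cast is undefined behaviour in C when x is out of
 * range, so the range test must come before the cast. */
conv_status to_int16_checked(double x, int16_t *out)
{
    if (x != x)        return CONV_NAN;        /* NaN never equals itself */
    if (x >= 32768.0)  return CONV_OVERFLOW;   /* also catches +infinity  */
    if (x <= -32769.0) return CONV_UNDERFLOW;  /* also catches -infinity  */
    *out = (int16_t)x;                         /* truncates toward zero   */
    return CONV_OK;
}

/* Saturating variant: clamp to the nearest representable value and
 * still tell the caller that the input was out of range. */
int16_t to_int16_saturating(double x, conv_status *status)
{
    int16_t v = 0;
    *status = to_int16_checked(x, &v);
    switch (*status) {
    case CONV_OVERFLOW:  return INT16_MAX;
    case CONV_UNDERFLOW: return INT16_MIN;
    case CONV_NAN:       return 0;
    default:             return v;
    }
}

int main(void)
{
    /* Constructed sample values, not flight data. */
    const double samples[] = { 120.5, 32767.9, 32768.0, -40000.0, NAN };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        conv_status st;
        int16_t v = to_int16_saturating(samples[i], &st);
        printf("%10.1f -> %6d (status %d)\n", samples[i], (int)v, (int)st);
    }
    return 0;
}
```
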

6. Infrastructures, shaky foundation

This risk class deals with failures in the IT infrastructure. Infrastructure is the generic name for the various centralized and distributed computer and network resources upon which applications are hosted and run. Also included within the definition of infrastructure is platform software such as operating systems and database management systems.

Example: ERP Implementation Failure At HP

The reason proposed was the problems faced during the migration to the centralized ERP system.

ERP MIGRATION FAILURE

The following are the causes of the migration failure:

a) Project Team Constitution
b) Data Integration Problem
c) Demand Forecasting Problems
d) Poor Planning & Improper Testing (Risk no 7)
e) Inadequate Implementation Support/Training

7. Strategic and emergent, disabled by IT

According to Rosemary Cafasaro in O'Brien (1999), there are several reasons behind the success or failure of an information system implementation in a company. Factors that can cause an information system implementation to fail are a lack of support from executive management and of input from end-users, requirement statements and specifications that are incomplete and constantly changing, and technological incompetence.

This risk class deals with the IT capability letting down execution of the business strategy. Impacts are not immediate but will be significant in the business-planning horizon and beyond.

Example: Hershey's ERP Implementation Failure
Based on these scheduling demands, cutover was planned for July of 1999. This go-live scheduling coincided with Hershey's busiest periods: the time during which it would receive the bulk of its Halloween and Christmas orders. To meet the aggressive scheduling demands, Hershey's implementation team had to cut corners on critical systems testing phases. When the systems went live in July of 1999, unforeseen issues prevented orders from flowing through the systems. As a result, Hershey's was incapable of processing $100 million worth of Kiss and Jolly Rancher orders, even though it had most of the inventory in stock.

It first tried to squeeze a complex ERP implementation project into an unreasonably short timeline. Sacrificing due diligence for the sake of expediency is a sure-fire way to get caught. Hershey's made another critical scheduling mistake: it timed its cutover during its busy season. It was unreasonable for Hershey's to expect that it would be able to meet peak demand when its employees had not yet been fully trained on the new systems and business processes. Even in best-case implementation scenarios, companies should still expect performance declines because of the steep learning curves.

Understanding relationships between IT risk classes

REFERENCES

http://m4ulidi4n.blogspot.com/2009/01/mengapa-proyek-ti-gagal.html
http://sosbud.kompasiana.com/2010/07/06/server-down-benarkah-penyebab-kekacauan-penerimaanmurid/
http://www.informationassetdevelopment.com/what.html?page=21
http://www.kabarsaham.com/2011/data-konsumen-jebol-sony-minta-maaf.html
http://www.kabarsaham.com/2011/inilah-5-pembobolan-privasi-digital-terburuk.html
http://www.wisegeek.com/what-is-a-service-provider.htm
