Many large and medium-sized businesses have the interesting problem of understanding and inventorying the various applications in use across diverse regions and departments. Without a clear understanding of how these applications are being used, who owns them, what type of data is stored inside, and how each application is managed, the ability of CIOs and management to assess risk is greatly handicapped.

How to Manage Application Risk

Here are a few steps to get moving in the right direction:

1. Application Inventory: First, management has to have an accurate inventory of the applications in use throughout the organization as well as a few basic details. I usually inspect various system listings, perform interviews, and observe the applications themselves to paint a clear picture of the Company’s application environment.

Pro-Tip: IT Operations may be able to assist with building an accurate Application Inventory. IT management applications and platforms such as Microsoft SCCM, ManageEngine, McAfee ePolicy Orchestrator and Symantec Endpoint Protection Manager are all capable of collecting and exporting application usage statistics for the organization.

2. Risk Score: Once you have a clear picture of all of the applications in your environment, you can develop a risk scoring system. I typically try to think through the different factors that may create risk in each application, assign a weighted score, and enter the relevant data. If you are tech savvy, you can even automate this process.

3. Project Selection: Now that you have a full inventory of applications and understand the associated risk of each application, you can use this information to drive project selection and the dedication of internal resources and budget.
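
One way to automate the weighted scoring from step 2 and produce the ranked list that feeds step 3, as an added example that is not the author's own tool. The column names, risk factors, weights and sample rows are assumptions constructed for illustration; missing or unrecognized values are scored as worst case so that gaps in the inventory surface at the top of the list.

```python
import csv
import io

# Constructed sample inventory (not real data); column names are assumed.
SAMPLE_INVENTORY = """\
application,owner,data_type,managed_by,users
Payroll Portal,HR,pii,it,40
Legacy CRM,,customer,department,220
Wiki,IT,internal,it,900
File Share Tool,,pii,none,15
"""

# Hypothetical weights and 0-3 factor scales; tune to your organization.
WEIGHTS = {"data": 0.4, "ownership": 0.2, "management": 0.25, "reach": 0.15}
DATA_RISK = {"public": 0, "internal": 1, "customer": 2, "pii": 3}
MGMT_RISK = {"it": 0, "department": 2, "none": 3}
UNKNOWN = 3  # missing or unrecognized values score worst-case, never zero


def reach_risk(users):  # bucket the user count onto the same 0-3 scale
    try:
        n = int(users)
    except (TypeError, ValueError):
        return UNKNOWN
    return 0 if n < 25 else 1 if n < 100 else 2 if n < 500 else 3


def score_app(row):
    """Return a 0-100 weighted risk score for one inventory row."""
    factors = {
        "data": DATA_RISK.get((row.get("data_type") or "").strip().lower(), UNKNOWN),
        "ownership": 0 if (row.get("owner") or "").strip() else UNKNOWN,
        "management": MGMT_RISK.get((row.get("managed_by") or "").strip().lower(), UNKNOWN),
        "reach": reach_risk(row.get("users")),
    }
    weighted = sum(WEIGHTS[k] * v for k, v in factors.items())
    return round(weighted / 3 * 100, 1)


def rank_inventory(csv_text):
    """Score every application and return (name, score) pairs, riskiest first."""
    rows = csv.DictReader(io.StringIO(csv_text))
    scored = [(r["application"], score_app(r)) for r in rows]
    return sorted(scored, key=lambda pair: pair[1], reverse=True)


if __name__ == "__main__":
    for name, score in rank_inventory(SAMPLE_INVENTORY):
        print(f"{score:5.1f}  {name}")
```

In the sample, the small unowned, unmanaged tool holding PII outranks the widely used wiki, which is the kind of result a simple count of users or licenses would hide.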

Am I missing anything? How are you managing application risk?