Here is a list of generic scenarios:
Portfolio establishment and maintenance
- 0101 Wrong programmes are selected for implementation and are misaligned with corporate strategy and priorities.
- 0102 There is duplication between initiatives. Aligned initiatives have streamlined interfaces.
- 0103 A new important programme creates long-term incompatibility with the enterprise architecture.
- 0104 Competing resources are allocated and managed inefficiently and are misaligned to business priorities.
Programme/projects life cycle management
- 0201 Failing (due to cost, delays, scope creep, changed business priorities) projects are not terminated.
- 0202 There is an IT project budget overrun. The IT project is completed within agreed-on budgets.
- 0203 There is occasional late IT project delivery by an internal development department.
- 0204 Routinely, there are important delays in IT project delivery.
- 0205 There are excessive delays in an outsourced IT development project.
- 0206 Programmes/projects fail due to not obtaining the active involvement throughout the programme/project life cycle of all stakeholders (including sponsor).
IT investment decision making
- 0301 Business managers or representatives are not involved in important IT investment decision making (e.g., new applications, prioritisation, new technology opportunities).
- 0302 The wrong software, in terms of cost, performance, features, compatibility, etc., is selected for implementation.
- 0303 The wrong infrastructure, in terms of cost, performance, features, compatibility, etc., is selected for implementation.
- 0304 Redundant software is purchased.
IT expertise and skills
- 0401 There is a lack of or mismatched IT-related skills within IT, e.g., due to new technologies.
- 0402 There is a lack of business understanding by IT staff affecting the service delivery/projects quality.
- 0403 There are insufficient skills to cover the business requirements.
- 0404 There is an inability to recruit IT staff. The correct amount of IT staff, with appropriate skills and competencies is attracted to support the business objectives.
- 0405 There is a lack of due diligence in the recruitment process.
- 0406 There is a lack of training leading to IT staff leaving.
- 0407 There is insufficient return on investment regarding training due to early leaving of trained IT staff (e.g., MBA).
- 0408 There is an overreliance on key IT staff. Job rotation ensures that nobody alone possesses the entire knowledge of the execution of a certain activity.
- 0409 There is an inability to update the IT skills to the proper level through training.
Staff operations (human error and malicious intent)
- 0501 Access rights from prior roles are abused. HR and IT administration co-ordinate on a frequent basis to ensure timely removal of access rights, avoiding the possibility of abuse.
- 0502 IT equipment is accidentally damaged by staff.
- 0503 There are errors by IT staff (during backup, during upgrades of systems, during maintenance of systems, etc.).
- 0504 Information is input incorrectly by IT staff or system users.
- 0505 The data centre is destroyed (sabotage, etc.) by staff.
- 0506 There is a theft of a device with sensitive data by staff.
- 0507 There is a theft of a key infrastructure component by staff.
- 0508 Hardware components were configured erroneously.
- 0509 Critical servers in the computer room were damaged (e.g., accident, etc.).
- 0510 Hardware was tampered with intentionally (security devices, etc.).
Information (data breach: damage, leakage and access)
- 0601 Hardware components are damaged, leading to (partial) destruction of data by internal staff.
- 0602 The database is corrupted, leading to retained at a second location.
- 0603 Portable media containing sensitive data (CD, USB drives, portable disks, etc.) is lost/disclosed.
- 0604 Sensitive data is lost/disclosed through logical attacks.
- 0605 Backup media is lost or backups are not checked for effectiveness.
- 0606 Sensitive information is accidentally disclosed due to failure to follow information handling guidelines.
- 0607 Data (accounting, security-related data, sales figures, etc.) are modified intentionally.
- 0608 Sensitive information is disclosed through email or social media.
- 0609 Sensitive information is discovered due to inefficient retaining/archiving/disposing of information.
- 0610 IP is lost and/or competitive information is leaked due to key team members leaving the enterprise.
- 0611 The enterprise has an overflow of data and cannot deduce the business-relevant information from the data (e.g., big data problem).
Architecture (architectural vision and design)
- 0701 The enterprise architecture is complex and inflexible, obstructing further evolution and expansion leading to missed business opportunities.
- 0702 The enterprise architecture is not fit for purpose and not supporting the business priorities.
- 0703 There is a failure to adopt and exploit new infrastructure in a timely manner.
- 0704 There is a failure to adopt and exploit new software (functionality, optimisation, etc.) in a timely manner.
Infrastructure (hardware, operating system and controlling technology) (selection/implementation, operations and decommissioning)
- 0801 New (innovative) infrastructure is installed and as a result systems become unstable leading to operational incidents, e.g., Bring your own device (BYOD) programme.
- 0802 The systems cannot handle transaction volumes when user volumes increase.
- 0803 The systems cannot handle system load when new applications or initiatives are deployed.
- 0804 Intermittently, there are failures of utilities (telecom, electricity).
- 0805 The IT in use is obsolete and cannot satisfy new business requirements (networking, security, database, storage, etc.).
- 0806 Hardware fails due to overheating.
- 0901 There is an inability to use the software to realise desired outcomes (e.g., failure to make required business model or organisational changes).
- 0902 Immature software (early adopters, bugs, etc.) is implemented.
- 0903 The wrong software (cost, performance, features, compatibility, etc.) is selected for implementation.
- 0904 There are operational glitches when new software is made operational.
- 0905 Users cannot use and exploit new application software.
- 0906 Intentional modification of software leading to wrong data or fraudulent actions.
- 0907 Unintentional modification of software leads to unexpected results.
- 0908 Unintentional configuration and change management errors occur.
- 0909 Regular software malfunctioning of critical application software occurs.
- 0910 Intermittent software problems with important system software occur.
- 0911 Application software is obsolete.
- 0912 There is an inability to revert back to former versions in case of operational issues with the new version.
Business ownership of IT
- 1001 Business does not assume accountability over those IT areas it should, e.g., functional requirements, development priorities, assessing opportunities through new technologies.
- 1002 There is extensive dependency and use of end-user computing and ad hoc solutions for important information needs, leading to security deficiencies, inaccurate data or increasing costs/inefficient use of resources.
- 1003 Cost and ineffectiveness are related to IT-related purchases outside of the procurement process.
- 1004 Inadequate requirements lead to ineffective service level agreements (SLAs).
Supplier selection/performance, contractual compliance, termination of service and transfer
- 1101 There is a lack of supplier due diligence regarding financial viability, delivery capability and sustainability of supplier’s service.
- 1102 Unreasonable terms of business are accepted from IT suppliers.
- 1103 Support and services delivered by vendors are inadequate and not in line with the SLA.
- 1104 Outsourcer performance is inadequate in a large-scale long-term outsourcing arrangement.
- 1105 There is non-compliance with software licence agreements (use and/or distribution of unlicensed software, etc.).
- 1106 There is an inability to transfer to alternative suppliers due to overreliance on current supplier.
- 1107 Cloud services are purchased by the business without the consultation/involvement of IT, resulting in inability to integrate the service with in-house services.
- 1201 There is non-compliance with regulations, e.g., privacy, accounting, manufacturing.
- 1202 Unawareness of potential regulatory changes has an impact on the operational IT environment.
- 1203 The regulator prevents cross-border dataflow due to insufficient controls.
- 1301 There is no access due to disruptive incident in other premises.
- 1302 Government interference and national business value.
- 1303 Targeted action against the enterprise results in destruction of infrastructure.
Infrastructure theft or destruction
- 1401 There is a theft of a device with sensitive data.
- 1402 There is a theft of a substantial number of development servers.
- 1403 Destruction of the data centre (sabotage, etc.) occurs.
- 1404 There is accidental destruction of individual devices.
- 1501 There is an intrusion of malware on critical operational servers.
- 1502 Regularly, there is infection of laptops with malware.
- 1503 A disgruntled employee implements a time bomb that leads to data loss.
- 1504 Company data are stolen through unauthorised access gained by a phishing attack.
- 1601 Unauthorised users try to break into systems.
- 1602 There is a service interruption due to denial-of-service attack.
- 1603 The web site is defaced.
- 1604 Industrial espionage takes place.
- 1605 There is a virus attack.
- 1606 Hacktivism takes place.
- 1701 Facilities and building are not accessible because of a labour union strike.
- 1702 Key staff is not available through industrial action (e.g., transportation strike).
- 1703 A third party is not able to provide services because of strike.
- 1704 There is no access to capital caused by a strike of the banking industry.
- 1801 The equipment used is not environmentally friendly (e.g., power consumption, packaging).
Acts of nature
- 1901 There is an earthquake.
- 1902 There is a tsunami.
- 1903 There are major storms and tropical cyclones.
- 1904 There is a major wildfire.
- 1905 There is flooding.
- 1906 The water table is rising.
- 2001 New and important technology trends are not identified.
- 2002 There is a failure to adopt and exploit new software (functionality, optimisation, etc.) in a timely manner.
- 2003 New and important software trends are not identified (consumerisation of IT).