Abstract

Developing and managing information systems have always been challenging, but increased security concerns and tighter budget resources have made these tasks even more difficult in recent years. Increased networking, mobility, and telecommuting, while beneficial to business productivity, have introduced serious technical issues and potential security problems. The software risk assessment literature has focused primarily on managerial risks, while security risk models have generally excluded these risks and the associated implementation costs. In addition, the social components of decision-making under risk (e.g., a corporate culture that rewards only on-time, on-budget software delivery) have proven to be a primary risk driver in many environments. On the basis of a high-level risk analysis model, this paper provides a framework that permits assessment and management of the critical risks of technical failures and security breaches of information systems, in conjunction with the managerial risks of exceeding the levels of resources allocated to their development. To do so, we consider explicitly the tradeoffs involved and the effects of resource constraints on system reliability and security. © 2004 Wiley Periodicals, Inc. Syst Eng 8: 15–28, 2005
