Abstract
The security of a company's information system (IS) is an important requirement for the pursuit of its business. Risk management contributes to the protection of IS assets. It protects the organization from losses caused by unwanted events that affect the IS objectives and, consequently, its strategy. It also plays an important role in decisions about pursuing new opportunities. In addition, it promises an optimal allocation of information system resources. The risk management process aims to analyze what can happen and what the eventual consequences for the organization would be, before deciding what needs to be done and reducing the risks to an acceptable level. This paper presents a literature review of IS risk management and gives a comparative analysis of its processes, methods and standards.
Highlights
Risk management is an extremely important discipline in the governance of information systems
Information technology (IT) Risk identifies three types of risks (Stachtchenko, 2009): (1) Provision of IT services. This risk is associated with IT service performance and availability, which can lead to loss or impairment (service interruptions, security issues, compliance issues, etc.); (2) Provision of IT solutions and realization of the benefits associated with the information system (IS) contribution to new business solutions or improved solutions in the form of programs and projects (quality of projects, relevance of projects, overruns, ...); (3) Realization of benefits associated with missed opportunities to use technology to improve the efficiency and effectiveness of business processes or to leverage new business initiatives
We present an overview of the risk management (RM) of information systems (IS)
Summary
Risk management is an extremely important discipline in the governance of information systems. It can help organizations optimize their costs, insofar as dealing with incidents often requires more effort than avoiding them (McKeen & Smith, 2003). A primary mission of risk managers is to help companies maximize profit by minimizing the cost of risk (Lei, 2011). There is a real need for a literature review of information system risk management, which is the main aim of this paper. The search was constructed from the keywords “Risk”, “information security”, “IS risk management” and “risk management”. This delimiting method, based on the use of keywords, helps us find the most relevant papers by linking concepts.