Abstract
In recent years, risk management has emerged as a key success factor in ensuring both the growth and the survival of any organization. At the same time, dependence on IT has become systematic within organizations of every kind. This dependence makes the implementation of an IT risk management system essential if IT risks are to be managed properly. Several standards deal with enterprise risk management in general or with information security in particular; few, however, deal specifically with IT risk management. COBIT 5 (Control Objectives for Information and related Technology), for example, does address IT risk management, but it is complicated to deploy. The purpose of this article is to describe a simplified system for auditing the maturity of IT risk management in an organization, based on “COBIT 5 for Risk”. The system is intended to evaluate the maturity of IT risk management before an organisation proceeds to implement or update an IT risk management system.
Highlights
Taking risks is a prerequisite for the survival and growth of any business
To respond to the limitations of existing standards dealing with IT risk management, this article defines a methodological approach for conducting a maturity audit of IT risk management and presents a simplified IT risk management maturity audit system for use within an organization
The main purpose of the proposed system is to evaluate the maturity of IT risk management in an organization, identify the gaps and define the action plans to deploy in order to implement or update IT risk management within the organization
Summary
Taking risks is a prerequisite for the survival and growth of any business. Consequently, it is essential to properly manage and control the risks inherent in the activity; otherwise, if these risks materialize, the company will not be able to achieve its objectives [1] [2]. The COBIT 5 framework includes specific documentation for IT risk management, called “COBIT 5 for Risk” [11], but the framework is complicated to deploy: it comes with a large library of publications, and the concepts related to IT risk management still have to be operationalized and consolidated. To respond to these limitations, we focused our research on the development of a simplified IT risk management system that can be used within an organization.
More From: International Journal of Advanced Computer Science and Applications