Abstract
IT risks — risks associated with the operation or use of information technology — have taken on great importance in business, and IT risk management is accordingly important in the science and practice of information management. Therefore, it is necessary to systematize IT risks in order to plan, manage and control for different risk-specific measures. In order to choose and implement suitable measures for managing IT risks, effect-based and causebased procedures are necessary. These procedures are explained in detail for IT security risks because of their special importance.
Highlights
Basic economic and political conditions for business are changing ever more rapidly, and technical developments in information technology (IT) advance at increased speed
IT risks—risks associated with the operation or use of information technology—have taken on great importance in business, and IT risk management is important in the science and practice of information management
It is necessary to systematize IT risks in order to plan, manage and control for different risk-specific measures
Summary
Basic economic and political conditions for business are changing ever more rapidly, and technical developments in information technology (IT) advance at increased speed. IT is increasingly pervasive in business processes. These business processes are becoming more complex. Many businesses have to manage a high degree of dynamic and complexity in using IT. As businesses rely more heavily on well-functioning IT, the risk is rising that IT will become a target of attacks for widely varying reasons (Disterer 2009), from a desire for recognition to greed, sabotage, or espionage, up to retaliation. As IT support becomes an integral part of business processes, the processed data from involved parties become increasingly more substantial. Operational information processing provides a significant target, as it no longer
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have