A business approach to effective information technology risk analysis and management

Halliday, Sharon; Badenhorst, K. P.; Solms, Rossouw von

doi:10.1108/09685229610114178

Cited by 65 publications

(31 citation statements)

References 2 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Table I show several key literatures on the information security risks related to the ICT outsourcing project implementation. [2], [23], [24], [25] Environmental Disaster [26], [27], [28] B. ICT Outsourcing Information Security Risk Factors Information security risks are the chances of threats action for vulnerabilities to cause impacts contributed to information security incidents [2]. Various examples of Information security risks are information leakage, theft of confidential information, extraction or damage and unauthorized exploitation of intellectual properties.…”

Section: A Ict Outsourcing Information Security Risksmentioning

confidence: 99%

Evaluation of Vulnerability Risk Factor: Critical ICT Outsourcing project characteristics

Khidzir

Mohamed

Arshad

2014

2014 4th World Congress on Information and Communication Technologies (WICT 2014)

View full text Add to dashboard Cite

Business Strategist and Technologist Implementers realized that ICT Outsourcing was one of the most successful strategies for ICT operational cost cutting and solved the shortage of ICT expertise or resources to implement an ICT project and services. Unfortunately, the strategy cause's other significant risks that could interrupt the ICT outsourcing venture's success. Information Security Risk (ISR) was considered among the critical significant risk in ICT Outsourcing project. Therefore the objective of this study is to explore the information security Vulnerabilities Risks Factor (VRF) critical level for ICT Outsourcing project characteristics through exploratory analysis approach. About 300 government agencies and private companies from various industries in Malaysia involved in the survey. However, 36% response was analyzed as a sample for the study population. Thus, Vulnerability Risks Factor (VRF) critical level was analyzed and discussed for each common ICT Outsourcing project characteristics implemented in Malaysia. The results of the analysis discovered the evidence of those ICT outsourcing project characteristics, risks exploited through Vulnerabilities Risks Factor (VRF). Several highly critical ICT outsourcing project characteristics were project team size between 10 to 99 members (33.6%), medium size project (28.2%) and outsource the ICT project to more than one service provider. The findings could be used as an indicator for organizations to prepare more effective information security management plan for ICT Outsourcing project. Eventually, the organization could give more priority to the specific ICT Outsourcing project characteristic where the Vulnerability Risks Factor (VRF) level is critical.

show abstract

Section: A Ict Outsourcing Information Security Risksmentioning

confidence: 99%

Evaluation of Vulnerability Risk Factor: Critical ICT Outsourcing project characteristics

Khidzir

Mohamed

Arshad

2014

2014 4th World Congress on Information and Communication Technologies (WICT 2014)

View full text Add to dashboard Cite

show abstract

“…In addition, current risk assessment proceedings lead to simplification and are focused to strong on technical issues rather than on information or business issues [11]. For procedural reasons the assessor will usually simplify otherwise he will be lost in detail and forget the objectives [12]. Additionally, methods follow the waterfall model and therefore are not capable of considering changes during the lifetime of the assessment [31].…”

Section: Risk Determinationmentioning

confidence: 99%

Problem Analysis of Traditional IT-Security Risk Assessment Methods – An Experience Report from the Insurance and Auditing Domain

Taubenberger¹,

Jürjens

et al. 2011

IFIP Advances in Information and Communication Technology

View full text Add to dashboard Cite

Abstract. Traditional information technology (IT) security risk assessment approaches are based on an analysis of events, probabilities and impacts. In practice, security experts often find it difficult to determine IT risks reliably with precision. In this paper, we review the risk determination steps of traditional risk assessment approaches and report on our experience of using such approaches. Our experience is based on performing IT audits and IT business insurance cover assessments within a reinsurance company. The paper concludes with a summary of issues concerning traditional approaches that are related to the identification and evaluation of events, probabilities and impacts. We also conclude that there is a need to develop alternative approaches, and suggest a security requirements-based risk assessment approach without events and probabilities.

show abstract

“…Gollman, 1999;Norman, 1983;Parker, 1998). Several RM approaches have been presented (Wong, 1977;Cooper, 1989;Custance, 1996;Veatc et al, 1995;Moses, 1995;Bennett & Kailay, 1992;Halliday et al 1996;Lichtenstein, 1996;Freeman et al, 1997;Jung et al 1999;Spruit & Samwel, 1999). The terms risk analysis/management/assessment are used very differently by different authors, and without muddling through the terminological mess, we hereafter apply the term RM.…”

Section: Risk Management Techniquesmentioning

confidence: 99%

A Paradigmatic Analysis of Conventional Approaches for Developing and Managing Secure IS

Siponen

2001

IFIP Advances in Information and Communication Technology

View full text Add to dashboard Cite

Abstract:Because the methods of development for Information Systems (IS) do not pay attention to security aspects, several information systems (ISS) security methods have been presented. This paper will analyze traditional/conventional approaches, namely normative standards (e.g. checklists, management and evaluation standards), formal methods, common sense principles and risk management. These approaches will be analyzed in the light of I) the research objectives; II) the organizational role of IS security; III) research approaches used; IV) applicability; and V) a conceptual meta-model for IS. The contribution of the paper is twofold. First the analysis sheds new light on the underlying foundations of the conventional approaches. Second, the analysis suggests several implications for researchers and practitioners.

show abstract

A business approach to effective information technology risk analysis and management

Cited by 65 publications

References 2 publications

Evaluation of Vulnerability Risk Factor: Critical ICT Outsourcing project characteristics

Evaluation of Vulnerability Risk Factor: Critical ICT Outsourcing project characteristics

Problem Analysis of Traditional IT-Security Risk Assessment Methods – An Experience Report from the Insurance and Auditing Domain

A Paradigmatic Analysis of Conventional Approaches for Developing and Managing Secure IS

Contact Info

Product

Resources

About