A General, But Readily Adaptable Model of Information System Risk

Alter, Steven; Sherer, Susan A.

doi:10.17705/1cais.01401

Cited by 58 publications

(70 citation statements)

References 55 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…When an organization fails to understand risk or lacks awareness of risk, it cannot develop effective security policies or other appropriate controls to mitigate the danger to the organization (Alter and Sherer 2004;Baskerville et al 2014). To understand how risk perceptions are formed, Goodhue and Straub (1991) developed a model of security concern based on a manager's attitudes towards the risks inherent in industry, the actions an organization can take to mitigate risk through its' IT environment, and personal expertise and work experience.…”

Section: Introductionmentioning

confidence: 99%

What could possibly go wrong? A multi-panel Delphi study of organizational social media risk

et al. 2016

View full text Add to dashboard Cite

The growth of social media has crossed the boundary from individual to organizational use, bringing with it a set of benefits and risks. To mitigate these risks and ensure the benefits of social media use are realized, organizations have developed a host of new policies, procedures, and hiring practices. However, research to date has yet to provide a comprehensive view on the nature of risk associated with the use of social media by organizations. Using a multi-panel Delphi approach consisting of new entrants to the workforce, certified human resource professionals, and certified Information Technology auditors, this study seeks to understand organizational social media risk. The results of the Delphi panels are compared against a textual analysis of 40 social media policies to provide a comprehensive view of the current state of social media policy development. We conclude with directions for future research that may guide researchers interested in exploring social media risk in organizations.

show abstract

Section: Introductionmentioning

confidence: 99%

What could possibly go wrong? A multi-panel Delphi study of organizational social media risk

et al. 2016

View full text Add to dashboard Cite

show abstract

“…In practice, the security risk analysis is quite complex and full of uncertainty [2]. The uncertainty, existing in the process of risk analysis, has been an important factor that influences the effectiveness of risk analysis.…”

Section: Discussionmentioning

confidence: 99%

“…A1 is developed to learn the BN structure based on reference [11]. (1) The organization develops, disseminates, and updates documented procedures to facilitate the implementation of the physical and environmental protection policy and associated physical and environmental protection controls (2) The organization monitors physical access to the information system to detect and respond to physical security incidents (3) The organization monitors real-time physical intrusion alarms and surveillance equipment (4) The organization employs automated mechanisms to recognize potential intrusions and initiate designated response actions (5) The organization maintains visitor access records to the facility where the information system resides (6) The organization employs automated mechanisms to facilitate the maintenance and review of access records (7) The organization protects power equipment and power cabling for the information system from damage and destruction (8) The organization employs redundant and parallel power cabling paths (9) The organization employs and maintains fire suppression and detection devices/systems for the information system that are supported by an independent energy source (10) The organization employs fire detection devices/systems for the information system that activate automatically and notify the organization and emergency responders in the event of a fire (11) The organization employs an automatic fire suppression capability for the information system when the facility is not staffed on a continuous basis (12) The organization protects the information system from damage resulting from water leakage by providing master shutoff valves that are accessible, working properly, and known to key personnel (13) The organization positions information system components within the facility to minimize potential damage from physical and environmental hazards and to minimize the opportunity for unauthorized access…”

Section: Appendix Amentioning

confidence: 99%

See 1 more Smart Citation

A security risk analysis model for information systems: Causal relationships of risk factors and vulnerability propagation analysis

Feng

Wang

2014

Information Sciences

153

View full text Add to dashboard Cite

“…On the other hand, the nature of relationship between IT and organizational learning is an increasing concern to practitioners; hence numerous authors have developed theories and predictions methods for identifying IT project parameters. Alter and Sherer (2004) suggested that analysis of risk factors would facilitate implementation success. McFarlan (1981) suggested that IJOA 22,2 appropriate attention to risk management in the IS development life cycle would avert some common IT project fiascoes.…”

Section: Literature Reviewmentioning

confidence: 99%

IT project risk assessment of learning organizations by fuzzy set and systems

Taylan

2014

International Journal of Organizational Analysis

View full text Add to dashboard Cite

Purpose -IT projects carry high risk of failure due to the existence of great obstacles during the planning, application and development phase. The projects' risks are multi-dimensional, and they must be assessed by multi-attribute decision-making methods. The purpose of this article is to provide analytic tools to evaluate the learning organization's IT project risks under incomplete and vague information. It was also aimed to place the risk in a proper category and predict the level of it in advance to develop strategies to counteract the high-risk factors. Design/methodology/approach -In this study, three mutual approaches were used to analyze the organizations IT applications. These are enterprise analysis for determination of information requirements of organization, payback method for IT project financial analysis and risk assessment using fuzzy sets and systems. The developed fuzzy model is an expert system which can predict the category of risk for IT projects in learning organizations.Findings -This study revealed that the greatest obstacles to IT project success were the lack of organizational learning, resistance to change, etc. User involvement limitation was found to be also one of the common reasons of IT project failure. The information sharing policy was determined to increase productivity of employees in offices and to decide the creators and the users of knowledge. Learning is a continuous process for organizational transformation. Individual and organizational learning were searched to minimize the level of risks factors and learning culture. IT project risks were categorized properly using fuzzy sets and systems to reduce or even eliminate high risks. Originality/value -The paper is original and gives the first such work for industry.

show abstract

A General, But Readily Adaptable Model of Information System Risk

Cited by 58 publications

References 55 publications

What could possibly go wrong? A multi-panel Delphi study of organizational social media risk

What could possibly go wrong? A multi-panel Delphi study of organizational social media risk

A security risk analysis model for information systems: Causal relationships of risk factors and vulnerability propagation analysis

IT project risk assessment of learning organizations by fuzzy set and systems

Contact Info

Product

Resources

About