A proposed framework: An appropriation for principle and practice in information technology risk management

Abstract

This study proposed the appropriation for principle and practice in information technology risk management (ITRM). Due to the various patterns of cyber threat against the advanced information systems and technologies, the well-practiced ITRM is expected from an organization's stakeholders. The well-established principle is the starting point of the practice. The methodology employed in this study is the theoretical review of relevant theories such as principle, practice and task-technology fit, and the review of general ITRM principle and framework documents. Additionally, content analysis method is applied to obtain keywords and classified into groups as derived success factors. The derived success factors for the appropriation consist of a suitable general principle and framework, an organization's well-established principle, a well-designed process, team structure, expertise of team, level of task complexity, and level of interdependence. Additionally, strong risk culture, good communication, training, and tools and techniques. The contribution of the proposed framework is to provide the factors for the appropriate assessment in ITRM principle development and practice.