Corporate IT Risk Management model: A holistic view at managing information system security risks

Proceedings of the ITI 2012 34th International Conference on Information Technology Interfaces Pub Date : 2012-06-25 DOI:10.2498/iti.2012.0461

M. Spremić

{"title":"Corporate IT Risk Management model: A holistic view at managing information system security risks","authors":"M. Spremić","doi":"10.2498/iti.2012.0461","DOIUrl":null,"url":null,"abstract":"Most organizations in all sectors of industry, commerce and government are fundamentally dependent on their information systems (IS) and would quickly cease to function should the technology (preferably information technology - IT) that underpins their activities ever come to halt [15]. IS and IT may contribute towards efficiency, productivity and competitiveness improvements of both inter-organizational and intra-organizational systems [1]. Successful organizations manage IT function in much the same way that they manage their other strategic functions and processes. This in particular means that they understand and manage risks associated with growing IT opportunities as well as critical dependence of many business processes on IT and vice-versa. IT risk management issues are not only any more marginal or `technical' problems and become more and more a `business problem'. Therefore, in this paper a Corporate IT Risk Management model is proposed and contemporary frameworks of IT Governance and IS Audit is shown and explained.","PeriodicalId":135105,"journal":{"name":"Proceedings of the ITI 2012 34th International Conference on Information Technology Interfaces","volume":"78 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2012-06-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"8","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the ITI 2012 34th International Conference on Information Technology Interfaces","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.2498/iti.2012.0461","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 8

Abstract

Most organizations in all sectors of industry, commerce and government are fundamentally dependent on their information systems (IS) and would quickly cease to function should the technology (preferably information technology - IT) that underpins their activities ever come to halt [15]. IS and IT may contribute towards efficiency, productivity and competitiveness improvements of both inter-organizational and intra-organizational systems [1]. Successful organizations manage IT function in much the same way that they manage their other strategic functions and processes. This in particular means that they understand and manage risks associated with growing IT opportunities as well as critical dependence of many business processes on IT and vice-versa. IT risk management issues are not only any more marginal or `technical' problems and become more and more a `business problem'. Therefore, in this paper a Corporate IT Risk Management model is proposed and contemporary frameworks of IT Governance and IS Audit is shown and explained.

查看原文本刊更多论文

企业IT风险管理模型:管理信息系统安全风险的整体视图

工业、商业和政府的所有部门中的大多数组织都从根本上依赖于它们的信息系统(IS)，如果支撑它们活动的技术(最好是信息技术- IT)停止工作，它们将很快停止工作。信息系统和信息技术可能有助于提高组织间和组织内系统的效率、生产力和竞争力。成功的组织管理IT功能的方式与管理其他战略功能和过程的方式大致相同。这特别意味着他们理解并管理与不断增长的IT机会以及许多业务流程对IT的关键依赖相关的风险，反之亦然。IT风险管理问题不仅仅是一个边缘或“技术”问题，而且越来越成为一个“业务问题”。因此，本文提出了一个企业IT风险管理模型，并展示和解释了当代IT治理和IT审计框架。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Proceedings of the ITI 2012 34th International Conference on Information Technology Interfaces

自引率

0.00%

发文量