Operationalizing IT Risk Management

Bibliographic details
Published in: Computers & security 2003-01, Vol.22 (6), p.487-493
Main authors: Coles, Robert S; Moulton, Rolf
Format: Article
Language: eng
Description
Abstract: In a study of four major global organisations conducted during 2002, it was found that all conducted some form of risk assessment to assist in the management of security risks. However, when we analysed the risks that they addressed, three of the four organisations had major gaps in their risk assessment coverage that could result in significant risks being missed. We wondered: why did the gaps exist; are there inhibitors to effective risk assessment; are there blind spots; are approaches to risk assessment deficient in some way; how could we make the process of risk assessment more robust but easier to do? This paper seeks to address some of these questions.
ISSN: 0167-4048, 1872-6208
DOI: 10.1016/S0167-4048(03)00606-0