Operationalizing IT Risk Management

In a study of four major global organisations conducted during 2002, it was found that all conducted some form of risk assessment to assist in the management of security risks. However, when we analysed the risks that they addressed, three of the four organisations had major gaps in their risk asses...

Bibliographic details
Published in: Computers & security 2003-01, Vol.22 (6), p.487-493
Main authors: Coles, Robert S, Moulton, Rolf
Format: Article
Language: eng
container_end_page 493
container_issue 6
container_start_page 487
container_title Computers & security
container_volume 22
creator Coles, Robert S
Moulton, Rolf
description In a study of four major global organisations conducted during 2002, it was found that all conducted some form of risk assessment to assist in the management of security risks. However, when we analysed the risks that they addressed, three of the four organisations had major gaps in their risk assessment coverage that could result in significant risks being missed. We wondered: why did the gaps exist; are there inhibitors to effective risk assessment; are there blind spots; are approaches to risk assessment deficient in some way; how could we make the process of risk assessment more robust but easier to do? This paper seeks to address some of these questions.
doi_str_mv 10.1016/S0167-4048(03)00606-0
format Article
identifier ISSN: 0167-4048
ispartof Computers & security, 2003-01, Vol.22 (6), p.487-493
issn 0167-4048
1872-6208
language eng
recordid cdi_proquest_miscellaneous_27937710
source Elsevier ScienceDirect Journals
subjects Information technology
Organizational behavior
Risk assessment
Security management
Studies
title Operationalizing IT Risk Management
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-02-04T00%3A40%3A00IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Operationalizing%20IT%20Risk%20Management&rft.jtitle=Computers%20&%20security&rft.au=Coles,%20Robert%20S&rft.date=2003-01-01&rft.volume=22&rft.issue=6&rft.spage=487&rft.epage=493&rft.pages=487-493&rft.issn=0167-4048&rft.eissn=1872-6208&rft.coden=CPSEDU&rft_id=info:doi/10.1016/S0167-4048(03)00606-0&rft_dat=%3Cproquest_cross%3E27937710%3C/proquest_cross%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=207386533&rft_id=info:pmid/&rft_els_id=S0167404803006060&rfr_iscdi=true