Information Systems (IS) Risk Management



Information Systems (IS) Risk Management

Introduction

Risk is a potential harm that arises from the current process or from some future event. Risk is present in every aspect of our lives and in many other different disciplines which focuses on risk as it applies to them. From the IT security perspective, risk management is the process of understanding and responding to factors that may lead to a failure in several factors such as confidentiality, integrity or availability of an information system. IT security risk causes harm to a process or to the related information resulting from some purposeful or accidental event that negatively impacts the process or the related information.

Today, most organizations recognize the power of information technology for the purpose of reducing the cost. By effectively using information technology, companies have to increase efficiencies in their management and operations. These efficiencies often lead to an increase in the fiscal bottom line (profit), which provides benefits to the shareholders of the corporation.

Information system has a positive impact on the economy and productivity of organizations in the private sector. Technology gains have allowed organizations to keep a competitive edge over their rivals, develop new products and services, realize substantial increases in output and productivity, and ultimately provide fiscal savings.

Barriers in information system implementation

Some organizations view investment in information system as a tool which shifts the focus of the organization from their mission. Organizations face a tricky tradeoff between spending on information system and direct service to clients. Organizations often have particularly low or nonexistent information technology budgets, and often, when looking to reduce expenses, the organizations cut their technology budgets. This lack of an information technology budget or willingness to cut the budget. This exemplifies the fact that organizations lacks interest or sufficient knowledge in allocating money or capital for information system in the infrastructure investment.

Regardless of how individuals acquire their skills, majority of the workers lack technology skills. This requires the organization to invest for the human capital to educate its workforce. Investment in human capital has always remained a challenge. Organization faces two key barriers related to the human capital investment. These barriers are in relation to staff members of the organization. First, no sufficient time provide to work with technology, and second, they are often unwilling to use technology (Pentland, 2000, p.195).

Specifically, human capital challenges revolve around the following: having dedicated information technology staff, staff expertise with information technology, and the availability of staff time. Just as there are internal issues, there are some external human capital issues in relation to the client and other stake holders.

Organizations often deal with clients who lack access to the technology that needs to communicate either with the organization or with individuals in the organization. This is something that causes organizations to put the use of technology aside to serve their clients. Another key external resource related to human capital is consultants. Organizations often rely on consultants or contractors in order to provide support and advice for their information system ...