Risk Management For Information Technology



This paper describes risk management for information technology. Many organizations use a combined approach, but the general and informal approaches are the methods of choice because they demand the least time, knowledge and financial resources. Economizing in this area is probably the reason why most organizations evaluate their information security system as weak or inadequate. The use of information technology (IT) in organizations is subject to various kinds of potential risks. This article explores the environment of IT in organizations, identifies the probable threats, and proposes a framework for integrated risk management. Organizational risk can include many types of risk (e.g., program management risk, investment risk, budgetary risk, legal liability risk, safety risk, inventory risk, supply chain risk, and security risk). Security risk related to the operation and use of information systems is just one of many components of organizational risk that senior leaders and executives address as part of their ongoing risk management responsibilities.



It is important for any organization to have a tool that guarantees the correct evaluation of the risks to which the processes and activities in the information area are subject, and that, through control procedures, evaluates the performance of the computing environment. Information security is one of the most essential aspects of the successful operation of every modern organization. We can compare this with human life: a certain level of risk is always attached to any human activity, irrespective of its importance. In the digital era, every organization strives to achieve its goals with the use of information systems. For this reason, it is necessary for information systems to operate safely and undisturbed. Stoneburner, Goguen, and Feringa (2002) believe that the information field is the most exposed and vulnerable spot in an organizational structure. Organizations must therefore be thoroughly aware of every potential threat; otherwise the consequences can be fatal to their existence (Stoneburner, 2002).

Thesis Statement

This paper represents a useful source of information for companies establishing information security risk management systems, and it represents the basis for further research.

Research Analysis

Seeing the need for such tools in the business environment, and taking into account that one of the main causes of problems within the computing environment is the inadequate management of IT risk, this work provides support for the proper management of risks, based on the following aspects:

Assessment of the risks inherent in IT processes

Assessing the causes of threats or risks

The controls used to minimize threats or risks

The allocation of responsibility for IT processes

The evaluation of the elements of the analysis of risks

Definition and Perception of Information Security Risk Management

There is no perfect protection against malicious attacks on data and information. The reason for this is that even the most advanced security systems are targeted by increasingly complicated threats. In order to protect themselves, organizations have to take all due precautions; their approach must be defensive and ...