What Factors Influence Companies’ Successful Implementations of Technology Risk Management Systems?

10.28945/3857, 2017, Vol 1, pp. 158-169
Author(s): James E Fulford

During the initial literature review on this research question, areas of focus included the following:

• Current qualitative and quantitative methodologies for technology risk analysis.
• Business applications for expanding the use of qualitative and quantitative technology and security risk models.
• Implementation of qualitative and quantitative technology and security risk analysis methodologies models by practitioners.

Information Technology (IT) risk analysis has become an integral part of the enterprise risk management systems in many organizations. However, many companies have struggled to effectively implement these systems. This has become a serious problem in many cases where governmental regulations, industry requirements, and even contractual language for doing business have increasingly included technology risk management obligations that companies must meet. Currently, technology risk management is not as mature a field as those like IT Audit or Information Security, which have had professional certification processes for over 23 years. Technology risk management, on the other hand, has had similar certifications for less than 10 years. As such, many of the current technology risk management practitioners have come from other fields, which has made it difficult to construct a common body of knowledge on which technology risk management systems can be built. In many cases, such factors, as well as others, are making it difficult to implement technology risk management systems. This research will seek to evaluate those factors in more detail to determine common ones that have the most impact on the success of technology risk management projects and make recommendations for overcoming the factors that limit the success of these projects.

2019, Vol 9 (2), pp. 63
Author(s): John Pyrgies

Purpose: This research studies the UAV incidents in the vicinity of worldwide airports in order to deliver a quantitative and qualitative analysis of this phenomenon, to analyse the risks associated with this threat and propose mitigation measures that bring this risk to an ‘acceptable’ level.

Methodology: A population of 139 ‘serious UAV incidents in the vicinity of worldwide airports’ has been constituted on the basis of the FAA and NASA databases and articles published on the Web by online media. This phenomenon has then been analysed quantitatively using descriptive statistics techniques and qualitatively by analysing in depth some representative incidents. A risk analysis has then been performed based on the FAA Safety Risk Management 5-step process to identify the hazards, i.e. the root causes of those UAV incidents, determine their outcome, i.e. negative consequences that jeopardize airports' objectives, and assign them a severity level and likelihood, i.e. frequency level. Analysed risks have then been assessed based on the FAA ARP Risk Matrix. Mitigation measures (prevention, deterrence, denial, detection, neutralisation) have been identified following a ‘Defence-in-Depth’ approach.

Findings: The findings of the study are that those UAV incidents are more numerous than anticipated and happen higher and further from the airports than expected: they happen not only in CTRs but also in TMAs. This has an impact on the mitigation measures that shall not only be deployed on the airport side but also be on-boarded in manned aircraft.

Originality: To our knowledge, no study has combined different sources to constitute such a population focused on ‘serious’ UAV incidents around airports worldwide, has applied the official FAA Safety Risk Management process to assess this risk and followed a structured ‘Defence-in-Depth’ approach typically used in Cybersecurity to mitigate this risk.

Keywords: Airport security and safety, Unmanned Aerial Vehicles (UAVs) threat, Risk analysis and mitigation, Counter-UAVs technologies.


Author(s): Ibrahim Boubacar, Marina Borisovna Budko, Mikhail Yurievich Budko, Alexei Valerievich Guirik

As a result of the work focused on improving the efficiency of the information security system through the development of an ontological model and an approach based on it to ensure information security (IS) risk management, a flexible result was obtained, which is designed to ensure an increase in the efficiency of the information security system by reducing the time spent on managerial decision-making. At the end of the work, a comparative analysis of existing approaches and techniques to information security risk management and the described approach was carried out. Based on the developed ontology and approach, highly intelligent information security risk management systems and the information security system can be created on its basis.


Author(s): Frantz Maurer

The traditional risk management approach has been characterized as a highly disaggregated method of managing financial risks. Recently, risk management has evolved from a narrow, insurance-based view to a holistic, all-risk-encompassing view, commonly termed Enterprise Risk Management (ERM). Financial risks are inherent in financial markets and their management represents one of the main tasks in the business of financial institutions. Enterprise Risk Management enables management to effectively deal with uncertainty and associated risk and opportunity, enhancing the capacity to build value. In contrast to the existing finance literature, this paper emphasizes the practical issues related to the adoption of an ERM framework for strategic decision-making in banks. The aim is to provide an extensive guide to the implementation issues faced by banks that are in the process of implementing fully integrated risk management systems and capabilities.


2019, Vol 9 (3), pp. 40-55
Author(s): A. V. Larionov, E. S. Salina

The study reveals features of the risk management in the payment system, taking into account the requirements of the Bank of Russia. Particular emphasis is placed on the implementation of practical aspects of organizing risk management systems in conformity with Bank of Russia Regulation No. 607-P dated 03.10.2017 “On requirements for the procedure for ensuring the smooth functioning of the payment system, indicators of the smooth functioning of the payment system and methods of risk analysis in the payment system including risk profiles”. The research uses international standards and approaches to the practical construction of risk management systems. The research suggests methodological recommendations for the construction of a comprehensive risk management system in the payment system. The results of the study can be used in the practical implementation of the Bank of Russia’s approaches to ensuring the smooth functioning of payment systems.


2018, pp. 258-269
Author(s): Susanne Durst, Guido Bruns, Thomas Henschel

The purpose of this paper is to review extant research on knowledge risk management (KRM) to establish our body of knowledge and to identify gaps justifying further research activities. The study is based on a systematic review of peer-reviewed empirical and conceptual articles on the management of knowledge risks. This proceeding provides evidence that there are a small number of papers addressing knowledge risks and their management. The recommendations derived from the findings can assist researchers, managers and consultants to better understand the critical importance of integrating KRM in the firms' enterprise risk management. This increased understanding can particularly be useful for managers as better decisions will be possible.


Computers, 2021, Vol 10 (12), pp. 160
Author(s): Temitope Elizabeth Abioye, Oluwasefunmi Tale Arogundade, Sanjay Misra, Kayode Adesemowo, Robertas Damaševičius

Despite the attractive benefits of cloud-based business processes, security issues, cloud attacks, and privacy are some of the challenges that prevent many organizations from using this technology. This review seeks to know the level of integration of the security risk management process at each phase of the Business Process Life Cycle (BPLC) for securing cloud-based business processes; usage of an existing risk analysis technique as the basis of the risk assessment model; usage of security risk standards; and the classification of cloud security risks in a cloud-based business process. In light of these objectives, this study presented an exhaustive review of the current state-of-the-art methodology for managing cloud-based business process security risk. Eleven electronic databases (ACM, IEEE, Science Direct, Google Scholar, Springer, Wiley, Taylor and Francis, IEEE cloud computing Conference, ICSE conference, COMPSAC conference, ICCSA conference, Computer Standards and Interfaces Journal) were used for the selected publications. A total of 1243 articles were found. After using the selection criteria, 93 articles were selected, while 17 articles were found eligible for in-depth evaluation. For the results of the business process lifecycle evaluation, 17% of the approaches integrated security risk management into one of the phases of the business process, while others did not. For the influence of the results of the domain assessment of risk management, three key indicators (domain applicability, use of existing risk management techniques, and integration of risk standards) were used to substantiate our findings. The evaluation result of domain applicability showed that 53% of the approaches had been test-run in real time, thereby making these works reusable. The result of the usage of existing risk analysis showed that 52.9% of the authors implemented their work using existing risk analysis techniques while 29.4% of the authors partially integrated security risk standards into their work. Based on these findings and results, security risk management, the usage of existing security risk management techniques, and security risk standards should be integrated with business process phases to protect against security issues in cloud services.


2021, Vol 5 (12), pp. 16-24
Author(s): Vladimir K. Selyukov, Anna N. Kasatkina

Based on the analysis of the identified vulnerabilities in the production activities of a full-cycle metallurgical company on the example of NLMK PJSC, as well as the methods of assigning ESG ratings to organizations in the non-financial sector of the economy by leading Russian and foreign rating agencies, the identification of risks arising from the transition of such organizations to the principles of sustainable development is carried out. The results obtained can serve as a basis for risk analysis of metallurgical companies and the development of recommendations for improving their risk management systems.

