The Implementation IT Risk Management of Hardware and Software Obsolescence by using ISO27001/ISO 27002 in Pharmaceutical Industry

2019 ◽  
Vol 3 (1) ◽  
pp. 105-112
Author(s):  
Heri Rukmana
Keyword(s):  
Risk Management ◽  
Pharmaceutical Industry ◽  
Business Strategy ◽  
It Risk Management ◽  
The Subject ◽  
It Risk

Risk Management is a discipline that exists to deal with non-speculative risks – those risks from which only a loss can occur. Hardware and software obsolescence which are used in pharmaceutical industry equipment are the subject of Risk Management since these obsolescence may cause either a profit or loss and impact to the business strategy, which can reduce the value of the assets with which the organization undertakes its speculative activity.

The Mechanics of Managing it Risk

1996 ◽  
Vol 11 (4) ◽  
pp. 373-378 ◽  
Author(s):  
Robert N. Charette
Keyword(s):  
Risk Management ◽  
It Projects ◽  
It Risk Management ◽  
It Project ◽  
The Subject ◽  
It Risk

The application of formal risk management to IT projects is rapidly growing in popularity. Numerous books and articles on the subject of IT-oriented risk management have appeared, where a decade ago there were virtually none. In this paper, a short tutorial on the general processes and activities involved in performing IT risk management is presented. Some of the practical issues that require attention when putting IT risk management into practice are also discussed. Effectively applied, risk management is a powerful tool for making an IT project proactive. However, poorly applied, risk management can just as easily lead an IT project into ruin.

Board and Management-Level Factors Affecting the Maturity of IT Risk Management Practices

2018 ◽  
Vol 33 (3) ◽  
pp. 117-135
Author(s):  
Nishani Edirisinghe Vincent ◽  
Julia L. Higgs ◽  
Robert E. Pinsker
Keyword(s):  
Risk Management ◽  
Internal Control ◽  
Management Practices ◽  
Factors Affecting ◽  
Management Level ◽  
It Risk Management ◽  
Top Managers ◽  
Risk Oversight ◽  
The Impact ◽  
It Risk

ABSTRACT The Securities and Exchange Commission's 2009 enhanced proxy disclosure requirements and the updated Committee of Sponsoring Organizations' (COSO) Internal Control Framework have caused organizations to increase their focus on risk management and consider the impact of information technology (IT) in enterprise risk management. Our study examines whether board involvement, board expertise, and top management's risk culture affect the maturity of IT risk management practices (maturity) in firms. We find that board involvement positively influences maturity while top managers' risk-taking behavior is associated with lower maturity. Even though board expertise influences maturity, board involvement is more important in explaining maturity. Maturity is higher in firms where risk oversight lies with a board-level, rather than a management, committee. However, the maturity of ITRM practices does not differ among firms whether risk oversight lies with the overall board, or any other board committee. The findings contribute to an under-researched area in IT governance.

A Step-by-Step Procedural Methodology for Improving an Organization's IT Risk Management System

2018 ◽  
pp. 236-257
Author(s):  
Shanmugapriya Loganathan
Keyword(s):  
Risk Management ◽  
Data Security ◽  
Vital Role ◽  
Transfer System ◽  
Business Systems ◽  
It Risk Management ◽  
It Organization ◽  
Security Network ◽  
Business Cost ◽  
It Risk

Risks in IT are described as a form of threat in context with data security, network transfer, system scheduled processes, critical applications, and business procedures. IT risk management is broadly defined as the process of managing IT risks, and must be executed on a regular basis. It is neither a product nor a purchase, but a policy of an organization implements to protect its business systems. Managing IT risk plays a vital role in administering any business in today's world. Irrespective of the business, deep knowledge of IT risk leads to increased data security, reduced business cost, and greater compliance. This chapter deals with methodologies to improve risk management in an IT organization, their impact, and some examples.

Global IT Risk Management Strategies

2008 ◽  
pp. 285-298 ◽  
Author(s):  
Chrisan Herrod
Keyword(s):  
Risk Management ◽  
Financial Risk ◽  
Best Practice ◽  
New Technologies ◽  
Management Strategies ◽  
Regulatory Compliance ◽  
It Risk Management ◽  
Reputational Risk ◽  
Risk Management Strategies ◽  
It Risk

This chapter describes why it is important for organizations to develop and implement an IT risk management function and use best practice risk assessment methodologies that provide a standard to measure and assess risk within organizations. Information technology risk management is a significant new function that can help companies achieve world class IT service. IT risk management includes regulatory compliance, information security, disaster recovery, and project risks. IT risk management should be part of a company’s risk management strategy on an equal footing with financial risk management and reputational risk management. As the complexity of IT infrastructures increases and as businesses continue to rely upon the Internet as the communication backbone for e-business, the associated risks increase. For these reasons, deciding upon and implementing a risk management process and a standard methodology will greatly reduce the risks associated with the introduction of new technologies that support the mission of the business.

Risk of adopting mission-critical OSS applications: an interpretive case study

2014 ◽  
Vol 34 (4) ◽  
pp. 477-512 ◽  
Author(s):  
Placide Poba-Nzaou ◽  
Louis Raymond ◽  
Bruno Fabi
Keyword(s):  
Risk Management ◽  
Open Source ◽  
Resource Planning ◽  
Adoption Process ◽  
Content Type ◽  
It Risk Management ◽  
Interpretive Case Study ◽  
Mission Critical ◽  
It Risk

Purpose – This study aims to explore the process of open source software (OSS) adoption in small- and medium-sized enterprises (SMEs), and more specifically open source enterprise resource planning (ERP) as a “mission critical” OSS application in manufacturing. It also addresses the fundamental issue of ERP risk management that shapes this process. Design/methodology/approach – The approach is done through an interpretive case study of a small Canadian manufacturer that has adopted an open source ERP system. Findings – Interpreted in the light of the IT risk management, OSS and packaged application adoption literatures, results indicate that the small manufacturer successfully managed the adoption process in a rather intuitive manner, based on one guiding principle and nine practices. In analyzing the data, diffusion of innovation theory appeared to fit rather well with the situation observed and to offer rich insights to explain the mission-critical OSS adoption process. Research limitations/implications – A single case study of successful IT adoption should be eventually counterbalanced by future cases considered to be partial or total failures, using a wider multiple case study approach for comparative purposes. And this should include alternative theoretical interpretations and more detailed empirical work on the extent to which the distinctive features of OSS make its adoption more or less risk-laden. This initial effort should also be followed by further research on mission-critical OSS adoption in contexts other than SMEs (e.g. healthcare organizations) and other than ERP (e.g. customer-relationship management). Practical implications – This research confirms that open source is a credible alternative for SMEs that decide willingly or under external pressure to adopt a mission-critical system such as ERP. Moreover, it suggests that a high level of formalization is not always necessary. Originality/value – The authors argue that rich insights into the dynamics of the mission-critical OSS adoption process can be obtained by framing this process within an IT risk management context.

Sign in / Sign up

Export Citation Format

Share Document