A Hybrid Asset-Based IT Risk Management Framework

2022 ◽  
pp. 56-76
Author(s):  
Baris Cimen ◽  
Meltem Mutluturk ◽  
Esra Kocak ◽  
Bilgin Metin
Keyword(s):  
Risk Management ◽  
Information Security ◽  
Quantitative Methods ◽  
Security Risks ◽  
Management Framework ◽  
Qualitative And Quantitative Methods ◽  
Risk Management Framework ◽  
Analysis Methodology ◽  
Business Goals ◽  
It Risk

Information security has become one of the most important responsibilities of all organizations due to increasing cyber threats. Attackers take advantage of systems vulnerabilities; therefore, system administrators should be aware of potential threats to take necessary actions to protect their organizations and stakeholders. At this point, a risk assessment is needed to discover possible threats for vulnerable systems of the organization and to implement strategies for the business goals. This study proposes a hybrid risk management framework using both qualitative and quantitative methods to analyze risk within organizations and reduce them with practical countermeasures. Based on this framework, case studies have been carried out considering three hypothetical companies identifying possible information security risks, and these risks have been reduced to an acceptable level by applying the proposed risk analysis methodology.

A Hybrid Asset-Based IT Risk Management Framework

2021 ◽  
pp. 236-253
Author(s):  
Baris Cimen ◽  
Meltem Mutluturk ◽  
Esra Kocak ◽  
Bilgin Metin
Keyword(s):  
Risk Management ◽  
Information Security ◽  
Quantitative Methods ◽  
Security Risks ◽  
Management Framework ◽  
Qualitative And Quantitative Methods ◽  
Risk Management Framework ◽  
Analysis Methodology ◽  
Business Goals ◽  
It Risk

Information security has become one of the most important responsibilities of all organizations due to increasing cyber threats. Attackers take advantage of systems vulnerabilities; therefore, system administrators should be aware of potential threats to take necessary actions to protect their organizations and stakeholders. At this point, a risk assessment is needed to discover possible threats for vulnerable systems of the organization and to implement strategies for the business goals. This study proposes a hybrid risk management framework using both qualitative and quantitative methods to analyze risk within organizations and reduce them with practical countermeasures. Based on this framework, case studies have been carried out considering three hypothetical companies identifying possible information security risks, and these risks have been reduced to an acceptable level by applying the proposed risk analysis methodology.

Risk Management Model in ITIL

2013 ◽  
pp. 207-214
Author(s):  
Sarah Vilarinho ◽  
Miguel Mira da Silva
Keyword(s):  
Risk Management ◽  
Best Practice ◽  
Service Management ◽  
Management Model ◽  
Business World ◽  
Management Framework ◽  
It Service ◽  
Risk Management Framework ◽  
Future Work ◽  
It Risk

ITIL is considered a framework of Best Practice guidance for IT Service Management, and it is widely used in the business world. In spite of this, ITIL has some gaps in Risk Management specification. This chapter approaches this problem in ITIL and compares IT risk management in ITIL to other IT Governance Frameworks. Despite ITIL stating that risk should be identified, measured, and mitigated, it is not clear on how to proceed (no concrete process is defined on how to deal with risk). To solve this, the authors propose to map the M_o_R risk management framework in ITIL, mapping every M_o_R process in ITIL, therefore adopting a strong risk management in ITIL, based on concrete guidelines, without changing the framework. In this chapter, the authors summarize the necessary guidelines and show a planning for future work.

Developing and implementing the risk management framework into business processes of Gazprom transgaz Tomsk Ltd., for implementation of the Eastern gas program of PJSC Gazprom

2020 ◽  
Vol 17 (1) ◽  
pp. 68-77
Author(s):  
V. E. Zaikovsky ◽  
A. V. Karev
Keyword(s):  
Risk Management ◽  
Human Resources ◽  
Management Information System ◽  
Business Processes ◽  
Project Success ◽  
Management Information ◽  
Timely Manner ◽  
Project Approach ◽  
Management Framework ◽  
Risk Management Framework

Project success depends on the ability to respond to risks and make correct decisions in a timely manner. The project approach provides a better framework for implementing a new management system into the company’s business processes. The risk management framework developed by the company comprises a risk management infrastructure, a set of standards, human resources, and a risk management information system. To improve staff compliance, it is necessary to provide training and to communicate the goals of the project effectively. It is also important to develop a motivation system because well trained and motivated staff are able to work more efficiently.

Sign in / Sign up

Export Citation Format

Share Document