An Overview of the IT Risk Management Methodologies for Securing Information Assets

2022 ◽  
pp. 30-47
Author(s):  
Sayan Mercan Dursun ◽  
Meltem Mutluturk ◽  
Nazim Taskin ◽  
Bilgin Metin

Effective information asset management is the basis of information security as well as many other issues. IT risk assessments work well when asset values are handled properly, and that handling is also what makes securing information assets effective. There is also a wide variety of risk assessment methodologies. This chapter presents information about the overall IT risk management process and methodologies. Best practices are mentioned and occasionally compared based on the requirements of the information technology (IT) sector in practice. This chapter will provide deep knowledge about the IT risk management approach and its construction to implementers, risk owners, IT auditors, executive managers, and other IT staff.

2013 ◽  
Vol 5 (1) ◽  
pp. 46-52
Author(s):  
Rasma Janeliūnienė ◽  
Vida Davidavičienė

Business processes and business success that depend on information technology (IT) are now closely associated with IT risks, which in turn drives growing IT risk management and control needs. It is vitally important to identify, analyse and reduce systemic risk in order to avoid undesirable consequences, such as information loss, data leaks or damage. A critical success factor in this situation is systematic and continuous IT risk management. This paper aims to analyse one part of the IT risk management process: risk identification. The article invoked the methods of literature analysis, synthesis, comparison, and generalization.

Article in Lithuanian. Summary (translated from Lithuanian): The increased dependence of business processes, and with them of business success, on information technology (IT) is now closely linked to IT risk. This drives a growing need for IT risk management and control. It is undeniable that identifying, analysing and reducing system risk makes it possible to avoid undesirable consequences such as information loss, leakage or data corruption. The key factor in ensuring an organization's success in managing IT is systematic and continuous IT risk management. The article sets out to analyse one of the stages of the IT risk management process: risk identification. The article employs methods such as analysis of the scientific literature, systematization and generalization.


Author(s):  
Jakob Holden Iversen ◽  
Lars Mathiassen ◽  
Peter Axel Nielsen

This chapter shows how action research can help practitioners develop IT risk management approaches that are tailored to their organization and the specific issues they face. Based on literature and practical experience, the authors present a method for developing risk management approaches to use in real-world innovation projects. The chapter illustrates the method by presenting the results of developing a risk management approach for software process improvement projects in a software organization.


2020 ◽  
Vol 11 (1) ◽  
Author(s):  
Yeni Erlika ◽  
Muhammad Izman Herdiansyah ◽  
A. Haidar Mirza

Abstract

The application of IT management needs to be evaluated to measure the level of IT risk management that occurs. This study aims to analyze and understand the IT risk management process adopted at the University of Bina Darma Palembang using the ISO 31000 approach, and focuses on evaluating IT management practices across three stages: identification, analysis, and risk treatment. Bina Darma University is a university that has applied information technology to support its business processes, in accordance with its vision and mission. The implemented systems support the work of employees and lecturers and provide services to students; the system manager is the Directorate of Technology Systems, hereinafter referred to as DSTI. Risks that have occurred at the University of Bina Darma concern security standards and disaster recovery; previously, problems that occurred could be handled, but without any standard and manually, for example backing up data using a hard disk. By applying the risk assessment stage of the ISO 31000 framework, the researchers found that Bina Darma University currently has not implemented ISO standards in dealing with its IT risk management. University management is in the process of designing an ISO implementation. From interviews with IT staff and observations, the researchers found that Bina Darma University has the ability to apply ISO 31000 in managing its risk. This research produces IT risk reports on current system applications.

Keywords: IT Risk Management, ISO 31000, Assessment, Mitigation

Abstract (translated from Indonesian)

The application of IT management needs to be evaluated to measure the level at which the IT risks that occur are handled. This research aims to analyze and understand the IT risk management process adopted at Universitas Bina Darma Palembang using the ISO 31000 approach, and focuses on evaluating IT management practices covering three stages: identification, analysis, and risk treatment. Universitas Bina Darma is a higher-education institution that has applied information technology to support its business processes, in accordance with its vision and mission. All of the existing systems can be used to support the performance of employees and lecturers as well as services to students; the system manager is the Directorate of Technology Systems, hereinafter referred to as DSTI. Risks that have occurred at Universitas Bina Darma concern security standards and disaster recovery; previously, problems that occurred could be handled, but without any standard and manually, for example backing up data using a hard disk. Using the risk assessment stage within the ISO 31000 framework, the researchers found that Universitas Bina Darma has still not applied ISO standards in handling its IT risk management. University management is in the process of designing an ISO implementation. From interviews with IT staff and observations, the researchers found that Universitas Bina Darma has the ability to apply ISO 31000 in managing its risk. This research produces an IT risk report on the current system applications.

Keywords: IT Risk Management, ISO 31000, Assessment, Mitigation




JURTEKSI ◽  
2021 ◽  
Vol 7 (2) ◽  
pp. 203-212
Author(s):  
Resad Setyadi ◽  
Handy Nur Prabowo

Abstract: The role of information technology in transportation is increasing, namely in the enjoyment of transportation services. One way for a transportation company to provide the best service to customers is to offer a bus booking application service. One of the companies that offer such service applications is a bus transportation application located in Yogyakarta. Because the application system is considered necessary, stakeholders need IT risk management for the bus booking application. The purpose of this research is to analyze the risk management of the bus transportation application. In measuring IT risk management, the author uses the Control Objective for Information and Related Technology (COBIT) 4.1 framework, domain Plan and Organize (PO), especially PO9 (Assess and Manage IT risk). The analysis results show that the bus transportation application is at level 2 in maturity level. This means that the company knows that there are problems that need resolving. Standard risk management in bus transportation applications tends to produce failed access as its service progresses. Problems are solved individually and are not yet at the integrated completion stage. In general, the application management approach needs to improve management in the field of information technology.

Keywords: COBIT; plan and organize; risk management

Abstract (translated from Indonesian): The role of information technology in transportation is increasing, namely in the enjoyment of transportation services. One way for a transportation company to provide the best service to customers is to provide a bus booking application service. One of the companies offering such a service application is a bus transportation application located in Yogyakarta. Because the application system is felt to be necessary, stakeholders need IT risk management for the bus booking application. The purpose of this research is to analyze risk management in the bus transportation application. In measuring IT risk management, the author uses the Control Objective for Information and Related Technology (COBIT) 4.1 framework, domain Plan and Organize (PO), specifically PO9 (Assessment and Manage IT risk). The analysis results show that the bus transportation implementation is at level 2 on the maturity scale. This means the company knows that there are problems that need to be resolved. Standard risk management in the bus transportation application tends to produce failed access as its service progresses. Problems are solved individually and are not yet at the integrated completion stage. In general, the application management approach needs to improve management in the field of information technology.

Keywords: COBIT; plan and organize; risk management


2018 ◽  
Vol 33 (3) ◽  
pp. 117-135
Author(s):  
Nishani Edirisinghe Vincent ◽  
Julia L. Higgs ◽  
Robert E. Pinsker

ABSTRACT The Securities and Exchange Commission's 2009 enhanced proxy disclosure requirements and the updated Committee of Sponsoring Organizations' (COSO) Internal Control Framework have caused organizations to increase their focus on risk management and consider the impact of information technology (IT) in enterprise risk management. Our study examines whether board involvement, board expertise, and top management's risk culture affect the maturity of IT risk management (ITRM) practices (maturity) in firms. We find that board involvement positively influences maturity while top managers' risk-taking behavior is associated with lower maturity. Even though board expertise influences maturity, board involvement is more important in explaining maturity. Maturity is higher in firms where risk oversight lies with a board-level, rather than a management, committee. However, the maturity of ITRM practices does not differ among firms according to whether risk oversight lies with the overall board or any other board committee. The findings contribute to an under-researched area in IT governance.


2018 ◽  
pp. 236-257
Author(s):  
Shanmugapriya Loganathan

Risks in IT are described as a form of threat in the context of data security, network transfer, system scheduled processes, critical applications, and business procedures. IT risk management is broadly defined as the process of managing IT risks, and must be executed on a regular basis. It is neither a product nor a purchase, but a policy that an organization implements to protect its business systems. Managing IT risk plays a vital role in administering any business in today's world. Irrespective of the business, deep knowledge of IT risk leads to increased data security, reduced business cost, and greater compliance. This chapter deals with methodologies to improve risk management in an IT organization, their impact, and some examples.

