Spelling suggestions: "subject:"IT risk managemement"" "subject:"IT risk managementment""
1 |
A Study of Issues Concerning Cross-strait Information Systems Architecture by Information Electronic IndustryCHUI, Cheng-Hsien 27 July 2003 (has links)
Abstract
In recent years, Taiwanese industries investing in Mainland China have switched from traditional industries to hi-tech enterprises and their investment strategies have changed from production cost saving to division of labor and industry integration. However, without support of efficient and effective IT system, enterprises cannot quickly adjust to business environment varying from minute to minute. Thus, in this research, a study is conducted to investigate the roles of IT systems in facilitating hi-tech companies to gain accurate information and support just-in-time operations. The findings suggest that most IT system adopted by the subsidiary in China are transferred directly from the parent company in Taiwan. They are not built from the scratch nor modified by the subsidiary due to considerations such as smoothing usual operation, building up the same domain knowledge, and shortening production schedule. Whether the subsidiary in China is directly supervised by the parent company in Taiwan will affect the level of support by the MIS department in Taiwan. In addition, the subsidiary members¡¦ values and commitment will affect cross-strait IT architecture. In the area of risk management, the perception of information security risk differs between Taiwan headquarter and China subsidiary because of different needs and business models. Distrusting China subsidiary members is still an issue to develop cross-strait IT security systems.
Keyword: IT architecture, IT risk management
|
2 |
Don’t let my Heart bleed! : An event study methodology in Heartbleed vulnerability case.Lioupras, Ioannis, Manthou, Eleni January 2014 (has links)
Due to the rapid evolution of technology, IT software has become incredibly complex. However the human factor still has a very important role on the application of it, since people are responsible to create software. Consequently, software vulnerabilities represent inevitable drawbacks, found to cost extremely large amounts of money to the companies. “Heartbleed” is a recently discovered vulnerability with no prior investigation that answers questions about the impact it has to the companies affected. This paper focuses on the impact of it on the market value of the companies who participated in the vulnerability disclosure process with the help of an event study methodology. Furthermore our analysis investigates if there is a different affection to the value of the company based on the roles those companies had in the process. Our results suggest that the market did not punish the companies about the existence of vulnerability. However the general negative reaction of the market to the incident reflects the importance of a strategic vulnerability disclosure plan for such cases.
|
3 |
PFPC: Building an IT Risk Management CompetencyWesterman, George, Walpole, Robert 29 July 2005 (has links)
IT Risk management is becoming increasingly important for CIOs and their executive counterparts. Educators and managers have materials they can use to discuss specific IT risks in project management, security and other risk-related topics, but they have few resources they can use to have a holistic discussion of enterprise-level IT risk management. This case is intended to address the gap. It describes the IT risks facing a large financial services firm, PFPC, as a result of rapid growth, a large merger and distributed management of the IT function. The firm’s first enterprise-wide CIO, Martin Deere used risk management as a key pillar in a major revamp of the firm's applications and IT capabilities. The case is rich in detail on the firm's IT risks, the new risk management process, including examples of the firm's risk management tools. It also describes early lessons and outcomes in the implementation of risk management capabilities. The case has enough richness and potential controversy to engage students from the undergraduate through executive levels in an informative and interesting discussion of IT risk management.
|
4 |
Metodika tvoby registru rizik IT / Methodics of creating risk register ITSvěcený, Jan January 2012 (has links)
Nowadays risk management is an essential part of project management. It is necessary to identify, analyze, registr and respond to risks. They have to be assesed by means of the probability of their occurence and their final impacts. One of the tools for risk and response management and for keeping the evidence is risk register. This study will compare different theoretical approaches to risk management (e.g. based on PRINCE2) and based on the comparison a template for risk register and related user guide for different IT project environments will be derived. The study will have two parts: the theoretical part will introduce the issue and analyze different methods; in the practical part will be compared these methods and the template for risk register will be derived together with the user guide.
|
5 |
Avaliação do impacto do gerenciamento de riscos de TI no desempenho financeiro das empresas : uma análise empírica entre empresas abertas brasileirasEichler, Flavio Alberto V. January 2017 (has links)
Considerando a importância da TI no ambiente de negócios e os riscos inerentes ao emprego dessa tecnologia, este estudo visa buscar evidências de melhoria de desempenho de empresas com a realização de gerenciamento de riscos de TI (GRTI). A pesquisa em curso seguiu a metodologia da Hipótese de Eficiência de Mercado, na sua forma semiforte, isto é, utilizando o método de janela de eventos. Com essa metodologia estimaram-se os retornos anormais na valorização das ações de empresas, oriundos da publicação de eventos de GRTI pelas empresas de capital aberto brasileiras, obtidos a partir do site da BMF&BOVESPA. Foram analisadas todas as empresas listadas em todo o período disponível no site, isto é, de 2003 até 2016, perfazendo um total aproximado de 400 empresas em cada ano. Essa análise utilizou ferramentas de busca do próprio site para encontrar anualmente todos os documentos que contivessem menção à palavra risco. Todos os documentos públicos obtidos com essa filtragem foram examinados detalhadamente para identificar evidências de que a empresa realizou, pela primeira vez, ações de GRTI, isto é, de que a empresa anunciou ao mercado que o GRTI passou a fazer parte de suas rotinas operacionais e administrativas. Depois dessa análise pormenorizada de todos os documentos publicados por essas empresas no site da BMF&BOVESPA, chegou-se a 22 empresas que evidenciaram ao mercado que fazem GRTI. Essas 22 empresas foram examinadas à luz da metodologia de janela de eventos. Os resultados obtidos indicam que, no cenário brasileiro, não é possível afirmar que o GRTI traz uma melhora no desempenho financeiro das empresas, uma vez que a hipótese nula de alteração do valor do retorno das ações não foi invalidada. Infere-se que o mercado não percebe uma diferença de valor nas ações dessas empresas, em função dos eventos de GRTI. Com intuito de suportar teoricamente esta pesquisa, foram reunidas as principais pesquisas em governança de TI e GRTI e relacionando-as a um desempenho financeiro empresarial. / Considering the importance of IT in the business environment and the risks inherent in the use of this technology, this study aims to seek evidence of improved performance of companies with IT Risk Management (ITRM). The research followed the methodology of the Market Efficiency Hypothesis, in its semi-strong-form, that is, using the event window method. This methodology was used to estimate the abnormal returns on the valuation of companies' shares, resulting from the publication of ITRM events by Brazilian publicly traded companies, obtained from the BMF&BOVESPA website. All listed companies were analyzed throughout the period available on the site, that is, from 2003 to 2016, approximately 400 companies in each year. This analysis used search tools from the site itself to find annually all documents that contained mention to the word risk. All public documents obtained by this filtering were examined in detail to identify evidence that the company held, for the first time, ITRM actions. That is, the company announced that ITRM became part of their administrative and operational routines. After this detailed analysis of all documents published by these companies from Brazilian stock exchange, 22 companies evidenced to the market that do ITRM. These 22 companies were examined under the event window methodology. The results indicate that, in the Brazilian scenario, it is not possible to affirm that the ITRM brings an improvement in companies’ financial performance, since the null hypothesis of change shares’ return values was not negated. It is inferred that the market does not notice a difference in these companies’ share values due to ITRM events. In order to theoretically support this research, the main studies in IT governance and ITRM were gathered and related to a business financial performance.
|
6 |
Dimensions and Operationalisations of IT Governance: A Literature Review and Meta-Case StudyNovotny, Alexander, Bernroider, Edward, Koch, Stefan January 2012 (has links) (PDF)
This paper seeks to tackle the current confusion about the constituent dimensions of IT Governance (ITG) and inconsistent operationalisation approaches inhibiting advances in research and organisational ITG practice. Through a structured literature review of ranked high-quality publications augmented by a meta-case study with five underlying projects, we find nine distinct dimensions of ITG. The input-oriented dimensions Compliance Management, IT Investment Management and ITG Improvement have received little attention in earlier conceptualisations, while the more output-oriented dimensions Business/IT Alignment and Business Value Delivery have featured more often in related studies. Scope and application of ITG may depend on the organisational context and the intentional use, such as regulatory or strategic. Depending on the context, more research seems to be warranted to develop context-dependent measurement constructs of ITG that can be compared over studies. (author's abstract)
|
7 |
Avaliação do impacto do gerenciamento de riscos de TI no desempenho financeiro das empresas : uma análise empírica entre empresas abertas brasileirasEichler, Flavio Alberto V. January 2017 (has links)
Considerando a importância da TI no ambiente de negócios e os riscos inerentes ao emprego dessa tecnologia, este estudo visa buscar evidências de melhoria de desempenho de empresas com a realização de gerenciamento de riscos de TI (GRTI). A pesquisa em curso seguiu a metodologia da Hipótese de Eficiência de Mercado, na sua forma semiforte, isto é, utilizando o método de janela de eventos. Com essa metodologia estimaram-se os retornos anormais na valorização das ações de empresas, oriundos da publicação de eventos de GRTI pelas empresas de capital aberto brasileiras, obtidos a partir do site da BMF&BOVESPA. Foram analisadas todas as empresas listadas em todo o período disponível no site, isto é, de 2003 até 2016, perfazendo um total aproximado de 400 empresas em cada ano. Essa análise utilizou ferramentas de busca do próprio site para encontrar anualmente todos os documentos que contivessem menção à palavra risco. Todos os documentos públicos obtidos com essa filtragem foram examinados detalhadamente para identificar evidências de que a empresa realizou, pela primeira vez, ações de GRTI, isto é, de que a empresa anunciou ao mercado que o GRTI passou a fazer parte de suas rotinas operacionais e administrativas. Depois dessa análise pormenorizada de todos os documentos publicados por essas empresas no site da BMF&BOVESPA, chegou-se a 22 empresas que evidenciaram ao mercado que fazem GRTI. Essas 22 empresas foram examinadas à luz da metodologia de janela de eventos. Os resultados obtidos indicam que, no cenário brasileiro, não é possível afirmar que o GRTI traz uma melhora no desempenho financeiro das empresas, uma vez que a hipótese nula de alteração do valor do retorno das ações não foi invalidada. Infere-se que o mercado não percebe uma diferença de valor nas ações dessas empresas, em função dos eventos de GRTI. Com intuito de suportar teoricamente esta pesquisa, foram reunidas as principais pesquisas em governança de TI e GRTI e relacionando-as a um desempenho financeiro empresarial. / Considering the importance of IT in the business environment and the risks inherent in the use of this technology, this study aims to seek evidence of improved performance of companies with IT Risk Management (ITRM). The research followed the methodology of the Market Efficiency Hypothesis, in its semi-strong-form, that is, using the event window method. This methodology was used to estimate the abnormal returns on the valuation of companies' shares, resulting from the publication of ITRM events by Brazilian publicly traded companies, obtained from the BMF&BOVESPA website. All listed companies were analyzed throughout the period available on the site, that is, from 2003 to 2016, approximately 400 companies in each year. This analysis used search tools from the site itself to find annually all documents that contained mention to the word risk. All public documents obtained by this filtering were examined in detail to identify evidence that the company held, for the first time, ITRM actions. That is, the company announced that ITRM became part of their administrative and operational routines. After this detailed analysis of all documents published by these companies from Brazilian stock exchange, 22 companies evidenced to the market that do ITRM. These 22 companies were examined under the event window methodology. The results indicate that, in the Brazilian scenario, it is not possible to affirm that the ITRM brings an improvement in companies’ financial performance, since the null hypothesis of change shares’ return values was not negated. It is inferred that the market does not notice a difference in these companies’ share values due to ITRM events. In order to theoretically support this research, the main studies in IT governance and ITRM were gathered and related to a business financial performance.
|
8 |
Avaliação do impacto do gerenciamento de riscos de TI no desempenho financeiro das empresas : uma análise empírica entre empresas abertas brasileirasEichler, Flavio Alberto V. January 2017 (has links)
Considerando a importância da TI no ambiente de negócios e os riscos inerentes ao emprego dessa tecnologia, este estudo visa buscar evidências de melhoria de desempenho de empresas com a realização de gerenciamento de riscos de TI (GRTI). A pesquisa em curso seguiu a metodologia da Hipótese de Eficiência de Mercado, na sua forma semiforte, isto é, utilizando o método de janela de eventos. Com essa metodologia estimaram-se os retornos anormais na valorização das ações de empresas, oriundos da publicação de eventos de GRTI pelas empresas de capital aberto brasileiras, obtidos a partir do site da BMF&BOVESPA. Foram analisadas todas as empresas listadas em todo o período disponível no site, isto é, de 2003 até 2016, perfazendo um total aproximado de 400 empresas em cada ano. Essa análise utilizou ferramentas de busca do próprio site para encontrar anualmente todos os documentos que contivessem menção à palavra risco. Todos os documentos públicos obtidos com essa filtragem foram examinados detalhadamente para identificar evidências de que a empresa realizou, pela primeira vez, ações de GRTI, isto é, de que a empresa anunciou ao mercado que o GRTI passou a fazer parte de suas rotinas operacionais e administrativas. Depois dessa análise pormenorizada de todos os documentos publicados por essas empresas no site da BMF&BOVESPA, chegou-se a 22 empresas que evidenciaram ao mercado que fazem GRTI. Essas 22 empresas foram examinadas à luz da metodologia de janela de eventos. Os resultados obtidos indicam que, no cenário brasileiro, não é possível afirmar que o GRTI traz uma melhora no desempenho financeiro das empresas, uma vez que a hipótese nula de alteração do valor do retorno das ações não foi invalidada. Infere-se que o mercado não percebe uma diferença de valor nas ações dessas empresas, em função dos eventos de GRTI. Com intuito de suportar teoricamente esta pesquisa, foram reunidas as principais pesquisas em governança de TI e GRTI e relacionando-as a um desempenho financeiro empresarial. / Considering the importance of IT in the business environment and the risks inherent in the use of this technology, this study aims to seek evidence of improved performance of companies with IT Risk Management (ITRM). The research followed the methodology of the Market Efficiency Hypothesis, in its semi-strong-form, that is, using the event window method. This methodology was used to estimate the abnormal returns on the valuation of companies' shares, resulting from the publication of ITRM events by Brazilian publicly traded companies, obtained from the BMF&BOVESPA website. All listed companies were analyzed throughout the period available on the site, that is, from 2003 to 2016, approximately 400 companies in each year. This analysis used search tools from the site itself to find annually all documents that contained mention to the word risk. All public documents obtained by this filtering were examined in detail to identify evidence that the company held, for the first time, ITRM actions. That is, the company announced that ITRM became part of their administrative and operational routines. After this detailed analysis of all documents published by these companies from Brazilian stock exchange, 22 companies evidenced to the market that do ITRM. These 22 companies were examined under the event window methodology. The results indicate that, in the Brazilian scenario, it is not possible to affirm that the ITRM brings an improvement in companies’ financial performance, since the null hypothesis of change shares’ return values was not negated. It is inferred that the market does not notice a difference in these companies’ share values due to ITRM events. In order to theoretically support this research, the main studies in IT governance and ITRM were gathered and related to a business financial performance.
|
9 |
IT Security Risk Management of Cloud Computing Services in Critical InfrastructuresAdelmeyer, Michael 27 February 2020 (has links)
Due to the considerable advantages of cloud computing, such as cost efficiency, flexibility, and scalability, the technology has transformed the means of IT service provisioning. To realize the proclaimed benefits, critical infrastructure providers, as the backbone of societal life, increasingly deploy their IT services, processes, and functions in cloud environments. However, as the control over the underlying cloud infrastructure and the corresponding security measures is delegated to the cloud provider, the outsourcing to cloud environments exposes critical infrastructures to security risks. This is especially crucial since critical infrastructures highly rely on IT systems for dependable service provisioning. In addition, each cloud deployment is afflicted with individual risks depending on the selected cloud service and deployment model. Due to the strict requirements and regulations regarding the IT security of their landscapes, the management of IT security risks related to the adoption of cloud services is of significant importance for critical infrastructures. Thus, the objective of this thesis is to examine the IT security risk management of cloud services in critical infrastructures. For this purpose, frameworks, conceptual models, prototypical tools, action recommendations, and implications are developed. Besides the investigation of the status quo of cloud computing service adoption in German critical infrastructures, implications and methods for an adequate management of IT security and the corresponding risks resulting from the adoption of cloud computing services are derived. Further, in the context of the interaction between critical infrastructure and cloud computing service providers, the role of trust is examined. In addition, frameworks and prototypes for a tool support for the IT security risk management of cloud services in critical infrastructures are developed. As an underlying analytical framework, a multi-method approach is chosen to examine the field from a behavioral- as well as a design-oriented perspective by applying various qualitative and quantitative research methods. The results of this dissertation can support decision makers and researchers in the field of the IT security risk management of cloud computing services in critical infrastructures.
|
10 |
Effects of Information Technology Risk Management and Institution Size on Financial PerformanceBarrett, Shaun D'olene Kecia 01 January 2016 (has links)
A negative relationship exists between unmanaged IT risk and financial performance of institutions of varying sizes. The purpose for this quantitative correlation study was to examine the relationship between IT risk management, institution size, and the financial performance of credit unions in Jamaica. Information Systems Audit and Control Association (ISACA) risk IT model provided the theoretical framework for the study. Audited financial statements and a web-based survey provided data for this study. One hundred and thirty employees from 13 credit unions in Jamaica participated in the study. Results of the multiple regression tests confirmed a statistically significant relationship between IT risk management, institution size, and the financial performance of Jamaican credit unions, F (2, 99) = 46.861, p = 0.000, R2 = .486. Institution size was a statistically significant predictor of financial performance (beta = -.637, p = .000). IT risk management initiatives did not provide any significant variation (beta = .139, p = .074) in financial performance. Research findings may lead to more effective and efficient operations of Jamaican credit unions and improvement in their financial performance, which could result in positive social change through the increases in corporate social contributions, the payment of dividends, and the offer of affordable product and services for over 1 million Jamaican credit union members.
|
Page generated in 0.0925 seconds