1. A Study of Issues Concerning Cross-strait Information Systems Architecture by Information Electronic Industry
CHUI, Cheng-Hsien (27 July 2003)
Abstract
In recent years, Taiwanese industries investing in Mainland China have switched from traditional industries to hi-tech enterprises and their investment strategies have changed from production cost saving to division of labor and industry integration. However, without the support of an efficient and effective IT system, enterprises cannot quickly adjust to a business environment varying from minute to minute. Thus, in this research, a study is conducted to investigate the roles of IT systems in facilitating hi-tech companies to gain accurate information and support just-in-time operations. The findings suggest that most IT systems adopted by the subsidiary in China are transferred directly from the parent company in Taiwan. They are neither built from scratch nor modified by the subsidiary due to considerations such as smoothing usual operation, building up the same domain knowledge, and shortening production schedule. Whether the subsidiary in China is directly supervised by the parent company in Taiwan will affect the level of support by the MIS department in Taiwan. In addition, the subsidiary members' values and commitment will affect cross-strait IT architecture. In the area of risk management, the perception of information security risk differs between the Taiwan headquarters and the China subsidiary because of different needs and business models. Distrust of China subsidiary members is still an issue in developing cross-strait IT security systems.
Keyword: IT architecture, IT risk management
2. Don’t let my Heart bleed! : An event study methodology in Heartbleed vulnerability case.
Lioupras, Ioannis, Manthou, Eleni (January 2014)
Due to the rapid evolution of technology, IT software has become incredibly complex. However, the human factor still has a very important role in its application, since people are responsible for creating software. Consequently, software vulnerabilities represent inevitable drawbacks, found to cost extremely large amounts of money to the companies. “Heartbleed” is a recently discovered vulnerability with no prior investigation that answers questions about the impact it has on the companies affected. This paper focuses on its impact on the market value of the companies that participated in the vulnerability disclosure process, with the help of an event study methodology. Furthermore, our analysis investigates whether there is a different effect on the value of the company based on the roles those companies had in the process. Our results suggest that the market did not punish the companies for the existence of the vulnerability. However, the general negative reaction of the market to the incident reflects the importance of a strategic vulnerability disclosure plan for such cases.
3. PFPC: Building an IT Risk Management Competency
Westerman, George, Walpole, Robert (29 July 2005)
IT Risk management is becoming increasingly important for CIOs and their executive counterparts. Educators and managers have materials they can use to discuss specific IT risks in project management, security and other risk-related topics, but they have few resources they can use to have a holistic discussion of enterprise-level IT risk management. This case is intended to address the gap. It describes the IT risks facing a large financial services firm, PFPC, as a result of rapid growth, a large merger and distributed management of the IT function. The firm’s first enterprise-wide CIO, Martin Deere, used risk management as a key pillar in a major revamp of the firm's applications and IT capabilities. The case is rich in detail on the firm's IT risks and the new risk management process, including examples of the firm's risk management tools. It also describes early lessons and outcomes in the implementation of risk management capabilities. The case has enough richness and potential controversy to engage students from the undergraduate through executive levels in an informative and interesting discussion of IT risk management.
4. IS/IT Risk Assessment in the Implementation of a Business Continuity Plan : An integrated approach based on Enterprise Risk Management and Governance of Enterprise IT
Hidalgo Valdez, Cristina Cecilia (January 1900)
Business continuity is an area of research that ensures continuity of enterprise operations. Business continuity requires knowledge and input from business and IT leaders to assess and manage risks associated with critical business processes to develop a plan that can allow the organization to resume operations. Organizations that have a holistic enterprise risk management approach can better manage business and technology risks. The increasing dependency on technological resources asserts the need to assess business and technology risks to develop business continuity. Nevertheless, governance and enterprise leaders find it difficult to determine the scope and impact of risks associated with enterprise operations. In organizational contexts, business continuity planning is perceived as an element of contingency instead of an opportunity for improvement. In addition, there is a lack of academic literature related to the organizational implementation of a business continuity plan. For this reason, there is a need to merge enterprise risk management and governance of enterprise IT views to provide an integrated perspective of business and technological risk in the implementation of a business continuity plan.
The objective of the study relies on assessing how the implementation of a business continuity plan is conducted, together with its challenges and benefits, to provide insights on the elements that facilitate a business continuity plan implementation. The study focuses on the preparation phase of a business continuity plan, where enterprise risks are identified, evaluated and mitigated. The study results are based on a case study performed at a multinational retail and manufacturing enterprise in Spain. The results indicate that awareness from the higher governance body and senior management of the dependency that enterprises have developed on IS/IT key resources is a factor that influences how risk management and technology risk are perceived in organizations. This influences how the higher governance body views the need to implement enterprise risk management, governance of enterprise IT and business continuity initiatives. Likewise, the elements facilitating a business continuity implementation are associated with the sponsorship and leadership from organizational actors, the involvement of an external organizational agent that can bring expertise and methodology related to business continuity planning, identification of enterprise critical areas and processes and the creation of business and IT risk scenarios to depict threats to the organization's operations and processes. This internal reflection brings challenges and benefits to the organization and both are addressed in the study.
The study concludes with the presentation of two high level frameworks that can aid enterprise leaders to visualize and understand the influence that enterprise risk management and governance of enterprise IT have on the implementation of a business continuity plan and the underlying elements that facilitate a business continuity plan implementation in organizations.
5. Guideline for assessing risks arising from adoption of a cloud service / Guideline for assessing security risks arising from adoption of a cloud platform
Tomčová, Zuzana (January 2014)
This thesis focuses on assessment of IT risks related to a company's adoption of a cloud service. The goal of the thesis is to identify a generally applicable set of IT risks, which will serve as a basis for the proposed risk assessment guideline. The work is organized as follows: Introduction and literature review are presented in the first chapter. The author provides theoretical background supporting better understanding of the topic in Chapter two, where the concepts of cloud computing and IT risk are described. A qualitative questionnaire is introduced and results of the participants' responses are depicted in the third chapter. The following chapter provides a risk categorization representing a base for the proposed cloud oriented IT risk assessment guideline. Subsequently, validation of the guideline in the form of its practical application on a company undergoing the decision-making process towards a cloud solution is summarized in Chapter five. The second last chapter describes standards and certifications in the area of cloud information security. Finally, Chapter seven summarizes and concludes the findings, outlining opportunities for future work and possible improvements in this area.
6. Metodika tvoby registru rizik IT / Methodics of creating risk register IT
Svěcený, Jan (January 2012)
Nowadays risk management is an essential part of project management. It is necessary to identify, analyze, register and respond to risks. They have to be assessed by means of the probability of their occurrence and their final impacts. One of the tools for risk and response management and for keeping the evidence is the risk register. This study will compare different theoretical approaches to risk management (e.g. based on PRINCE2) and, based on the comparison, a template for a risk register and a related user guide for different IT project environments will be derived. The study will have two parts: the theoretical part will introduce the issue and analyze different methods; in the practical part these methods will be compared and the template for the risk register will be derived together with the user guide.
7. Information security risk management model for mitigating the impact on SMEs in Peru
Garay, Daniel Felipe Carnero, Marcos Antonio, Carbajal Ramos, Armas-Aguirre, Jimmy, Molina, Juan Manuel Madrid (01 June 2020)
The full text of this work is not available in the Repositorio Académico UPC due to restrictions of the publisher where it was published. / This paper proposes an information security risk management model that allows mitigating the threats to which SMEs in Peru are exposed. According to studies by Ernst Young, 90% of companies in Peru are not prepared to detect security breaches, and 51% have already been attacked. In addition, according to Deloitte, only 10% of companies maintain risk management indicators. The model consists of 3 phases: 1. Inventory the information assets of the company, to conduct the risk analysis of each one; 2. Evaluate the treatment that should be given to each risk; 3. Once the controls are implemented, design indicators to help monitor the implemented safeguards. The article focuses on the creation of a model that integrates a standard of risk management across the company with a standard of IS indicators to validate compliance, adding as a contribution the results of implementation in a specific environment. The proposed model was validated in a pharmaceutical SME in Lima, Peru. The results showed a 71% decrease in risk, after applying 15 monitoring and training controls, lowering the status from a critical level to an acceptable level between 1.5 and 2.3, according to the given assessment. / Peer reviewed
8. Sensemaking Operational Risk Manager : a qualitative study on how to become successful as an operational risk manager in the Swedish financial sector.
Österlund, Joakim, Jens, Rasmusson (January 2019)
This research sheds light on the nature of the role of the operational risk controller in the financial services industry. The focus is on understanding how operational risk controllers interact with different layers of the organisation and become influential with the business lines and senior management. Nine semi-structured interviews were conducted with operational risk controllers, and it was found that their work is becoming increasingly focused on managing people with a view to creating mutual understanding. To achieve this, operational risk controllers should work more as independent facilitators in their interactions with the first line and senior management, as engaged toolmakers when adapting and reconfiguring tools, and as non-financial risk controllers when attempting to enable business leaders to understand the magnitude of operational risks.
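9. Evaluation of the impact of IT risk management on companies' financial performance: an empirical analysis among Brazilian publicly traded companies (original title: Avaliação do impacto do gerenciamento de riscos de TI no desempenho financeiro das empresas : uma análise empírica entre empresas abertas brasileiras)
Eichler, Flavio Alberto V. (January 2017)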
Considering the importance of IT in the business environment and the risks inherent in the use of this technology, this study aims to seek evidence of improved performance of companies with IT Risk Management (ITRM). The research followed the methodology of the Market Efficiency Hypothesis, in its semi-strong form, that is, using the event window method. This methodology was used to estimate the abnormal returns on the valuation of companies' shares, resulting from the publication of ITRM events by Brazilian publicly traded companies, obtained from the BMF&BOVESPA website. All listed companies were analyzed throughout the period available on the site, that is, from 2003 to 2016, approximately 400 companies in each year. This analysis used search tools from the site itself to find, for each year, all documents that contained a mention of the word risk. All public documents obtained by this filtering were examined in detail to identify evidence that the company carried out, for the first time, ITRM actions, that is, that the company announced to the market that ITRM had become part of its administrative and operational routines. After this detailed analysis of all documents published by these companies on the BMF&BOVESPA website, 22 companies were found that evidenced to the market that they do ITRM. These 22 companies were examined under the event window methodology. The results indicate that, in the Brazilian scenario, it is not possible to affirm that ITRM brings an improvement in companies’ financial performance, since the null hypothesis of change in the shares’ return values was not invalidated. It is inferred that the market does not notice a difference in these companies’ share values due to ITRM events. In order to theoretically support this research, the main studies in IT governance and ITRM were gathered and related to business financial performance.
10. Dimensions and Operationalisations of IT Governance: A Literature Review and Meta-Case Study
Novotny, Alexander, Bernroider, Edward, Koch, Stefan (January 2012)
This paper seeks to tackle the current confusion about the constituent dimensions of IT Governance (ITG) and inconsistent operationalisation approaches inhibiting advances in research and organisational ITG practice. Through a structured literature review of ranked high-quality publications augmented by a meta-case study with five underlying projects, we find nine distinct dimensions of ITG. The input-oriented dimensions Compliance Management, IT Investment Management and ITG Improvement have received little attention in earlier conceptualisations, while the more output-oriented dimensions Business/IT Alignment and Business Value Delivery have featured more often in related studies. Scope and application of ITG may depend on the organisational context and the intentional use, such as regulatory or strategic. Depending on the context, more research seems to be warranted to develop context-dependent measurement constructs of ITG that can be compared over studies. (author's abstract)