A Study of Issues Concerning Cross-strait Information Systems Architecture by Information Electronic Industry
CHUI, Cheng-Hsien
27 July 2003
Abstract: In recent years, Taiwanese industries investing in Mainland China have switched from traditional industries to hi-tech enterprises, and their investment strategies have changed from production cost saving to division of labor and industry integration. However, without the support of an efficient and effective IT system, enterprises cannot quickly adjust to a business environment that varies from minute to minute. Thus, in this research, a study is conducted to investigate the roles of IT systems in helping hi-tech companies gain accurate information and support just-in-time operations. The findings suggest that most IT systems adopted by the subsidiary in China are transferred directly from the parent company in Taiwan. They are neither built from scratch nor modified by the subsidiary, due to considerations such as smoothing usual operation, building up the same domain knowledge, and shortening the production schedule. Whether the subsidiary in China is directly supervised by the parent company in Taiwan will affect the level of support by the MIS department in Taiwan. In addition, the subsidiary members' values and commitment will affect cross-strait IT architecture. In the area of risk management, the perception of information security risk differs between the Taiwan headquarters and the China subsidiary because of different needs and business models. Distrust of China subsidiary members is still an issue in developing cross-strait IT security systems.
Keyword: IT architecture, IT risk management
Lioupras, Ioannis, Manthou, Eleni
Due to the rapid evolution of technology, IT software has become incredibly complex. However, the human factor still plays a very important role in its application, since people are responsible for creating software. Consequently, software vulnerabilities represent inevitable drawbacks, found to cost companies extremely large amounts of money. “Heartbleed” is a recently discovered vulnerability with no prior investigation that answers questions about the impact it has on the companies affected. This paper focuses on its impact on the market value of the companies that participated in the vulnerability disclosure process, with the help of an event study methodology. Furthermore, our analysis investigates whether the effect on the value of a company differs based on the role that company had in the process. Our results suggest that the market did not punish the companies for the existence of the vulnerability. However, the general negative reaction of the market to the incident reflects the importance of a strategic vulnerability disclosure plan for such cases.
Westerman, George, Walpole, Robert
29 July 2005
IT risk management is becoming increasingly important for CIOs and their executive counterparts. Educators and managers have materials they can use to discuss specific IT risks in project management, security and other risk-related topics, but they have few resources they can use to have a holistic discussion of enterprise-level IT risk management. This case is intended to address the gap. It describes the IT risks facing a large financial services firm, PFPC, as a result of rapid growth, a large merger and distributed management of the IT function. The firm’s first enterprise-wide CIO, Martin Deere, used risk management as a key pillar in a major revamp of the firm's applications and IT capabilities. The case is rich in detail on the firm's IT risks and the new risk management process, including examples of the firm's risk management tools. It also describes early lessons and outcomes in the implementation of risk management capabilities. The case has enough richness and potential controversy to engage students from the undergraduate through executive levels in an informative and interesting discussion of IT risk management.
IS/IT Risk Assessment in the Implementation of a Business Continuity Plan : An integrated approach based on Enterprise Risk Management and Governance of Enterprise IT
Hidalgo Valdez, Cristina Cecilia
January 1900
Business continuity is an area of research that ensures continuity of enterprise operations. Business continuity requires knowledge and input from business and IT leaders to assess and manage risks associated with critical business processes to develop a plan that can allow the organization to resume operations. Organizations that have a holistic enterprise risk management approach can better manage business and technology risks. The increasing dependency on technological resources asserts the need to assess business and technology risks to develop business continuity. Nevertheless, governance and enterprise leaders find it difficult to determine the scope and impact of risks associated with enterprise operations. In organizational contexts, business continuity planning is perceived as an element of contingency instead of an opportunity for improvement. In addition, there is a lack of academic literature related to the organizational implementation of a business continuity plan. For this reason, there is a need to merge enterprise risk management and governance of enterprise IT views to provide an integrated perspective of business and technological risk in the implementation of a business continuity plan. The objective of the study relies on assessing how the implementation of a business continuity plan is conducted, together with its challenges and benefits, to provide insights on the elements that facilitate a business continuity plan implementation. The study focuses on the preparation phase of a business continuity plan, where enterprise risks are identified, evaluated and mitigated. The study results are based on a case study performed at a multinational retail and manufacturing enterprise in Spain. The results indicate that awareness from the higher governance body and senior management on the dependency that enterprises have developed on IS/IT key resources is a factor that influences how risk management and technology risk are perceived in organizations. This influences how the higher governance body views the need to implement enterprise risk management, governance of enterprise IT and business continuity initiatives. Likewise, the elements facilitating a business continuity implementation are associated with the sponsorship and leadership from organizational actors, the involvement of an external organizational agent that can bring expertise and methodology related to business continuity planning, identification of enterprise critical areas and processes, and the creation of business and IT risk scenarios to depict threats to the organization's operations and processes. This internal reflection brings challenges and benefits to the organization, and both are addressed in the study. The study concludes with the presentation of two high-level frameworks that can aid enterprise leaders to visualize and understand the influence that enterprise risk management and governance of enterprise IT have on the implementation of a business continuity plan and the underlying elements that facilitate a business continuity plan implementation in organizations.
Nowadays risk management is an essential part of project management. It is necessary to identify, analyze, register and respond to risks. They have to be assessed by means of the probability of their occurrence and their final impacts. One of the tools for risk and response management and for keeping the evidence is the risk register. This study will compare different theoretical approaches to risk management (e.g. based on PRINCE2), and based on the comparison a template for a risk register and a related user guide for different IT project environments will be derived. The study will have two parts: the theoretical part will introduce the issue and analyze different methods; in the practical part these methods will be compared and the template for the risk register will be derived together with the user guide.
Guideline for assessing risks arising from adoption of a cloud service / Guideline for assessing security risks arising from adoption of a cloud platform
Tomčová, Zuzana
January 2014
This thesis focuses on assessment of IT risks related to a company's adoption of a cloud service. The goal of the thesis is to identify a generally applicable set of IT risks, which will serve as a basis for the proposed risk assessment guideline. The work is organized as follows: Introduction and literature review are presented in the first chapter. The author provides theoretical background supporting better understanding of the topic in Chapter two, where the concepts of cloud computing and IT risk are described. A qualitative questionnaire is introduced and results of the participants' responses are depicted in the third chapter. The following chapter provides a risk categorization representing a base for the proposed cloud-oriented IT risk assessment guideline. Subsequently, validation of the guideline in the form of its practical application to a company undergoing the decision-making process towards a cloud solution is summarized in Chapter five. The second-to-last chapter describes standards and certifications in the area of cloud information security. Finally, Chapter seven summarizes and concludes the findings, outlining opportunities for future work and possible improvements in this area.
Garay, Daniel Felipe Carnero, Marcos Antonio, Carbajal Ramos, Armas-Aguirre, Jimmy, Molina, Juan Manuel Madrid
01 June 2020
The full text of this work is not available in the Repositorio Académico UPC due to restrictions of the publisher where it was published. / This paper proposes an information security risk management model that allows mitigating the threats to which SMEs in Peru are exposed. According to studies by Ernst Young, 90% of companies in Peru are not prepared to detect security breaches, and 51% have already been attacked. In addition, according to Deloitte, only 10% of companies maintain risk management indicators. The model consists of 3 phases: 1. Inventory the information assets of the company, to conduct the risk analysis of each one; 2. Evaluate the treatment that should be given to each risk; 3. Once the controls are implemented, design indicators to help monitor the implemented safeguards. The article focuses on the creation of a model that integrates a standard of risk management across the company with a standard of IS indicators to validate compliance, adding as a contribution the results of implementation in a specific environment. The proposed model was validated in a pharmaceutical SME in Lima, Peru. The results showed a 71% decrease in risk, after applying 15 monitoring and training controls, lowering the status from a critical level to an acceptable level between 1.5 and 2.3, according to the given assessment. / Peer reviewed
Novotny, Alexander, Bernroider, Edward, Koch, Stefan
This paper seeks to tackle the current confusion about the constituent dimensions of IT Governance (ITG) and inconsistent operationalisation approaches inhibiting advances in research and organisational ITG practice. Through a structured literature review of ranked high-quality publications augmented by a meta-case study with five underlying projects, we find nine distinct dimensions of ITG. The input-oriented dimensions Compliance Management, IT Investment Management and ITG Improvement have received little attention in earlier conceptualisations, while the more output-oriented dimensions Business/IT Alignment and Business Value Delivery have featured more often in related studies. Scope and application of ITG may depend on the organisational context and the intentional use, such as regulatory or strategic. Depending on the context, more research seems to be warranted to develop context-dependent measurement constructs of ITG that can be compared over studies. (author's abstract)
The theoretical part of the thesis analyzes several selected methodologies and best practices related to information technology risk management, with a focus on documents and guidance developed by ISACA. It builds a set of ideas and basic requirements for an effective model of an IT risk register. Strong emphasis is placed on mapping the CobiT 4.1 based Risk IT to COBIT 5. The practical part describes the implementation of an exploratory web-based IT risk register in the Python programming language utilizing the Django framework and employs concepts from the analysis.
IT innovations have reshaped banking and will continue to do so. They are a manifestation of indispensable progress, yet risks emerge from IT innovations. Historic data and accounts of emerging risk experiences are rather scarce. Hence, they present a special challenge to risk management as they are hard to identify. Moreover, traditional risk management practices, relying on historic data, may not be fully adequate. What solutions can be offered by risk management to manage these risks? When is an uncertainty understood as an emerging risk? Who needs to be involved in the risk management process? The research asks the seemingly obvious question, yet this important topic has been regularly neglected in academics as well as in practice. Both literature and theoretical basis have only recently developed so as of yet there is little availability of varying viewpoints and reliable theories. 70% of the banks interviewed do not actively consider emerging risks in their risk management process. The banks take a reluctant position in general, waiting to see how things develop. Only three banks have a proactive approach and manage emerging risks from IT innovation in using an enterprise-wide approach such as Enterprise Risk Management (ERM). Therefore, this work develops a conceptual framework which aims to fill the research gap between ERM as an approach to holistic portfolio risk management and the lack of academic and practical work on emerging risks. The conceptual framework explores how banks can apply ERM to manage emerging risks in the future. Researching this topical phenomenon, extending today's common application and understanding of emerging risks and ERM in practice and academia is one of the most challenging tasks confronting future risk management (Bromiley et al., 2015). To the author's knowledge, this project is one of the first to take this challenge.