Developing a Risk Management System for Information Systems Security Incidents

Farahmand, Fariborz

22 November 2004

The Internet and information systems have enabled businesses to reduce costs, attain greater market reach, and develop closer business partnerships along with improved customer relationships. However, using the Internet has led to new risks and concerns. This research provides a management perspective on the issues confronting CIOs and IT managers. It outlines the current state of the art of information security, the important issues confronting managers, security enforcement measure/techniques, and potential threats and attacks. It develops a model for classification of threats and control measures. It also develops a scheme for probabilistic evaluation of the impact of security threats with some illustrative examples. It involves validation of information assets and probabilities of success of attacks on those assets in organizations and evaluates the expected damages of these attacks. The research outlines some suggested control measures and presents some cost models for quantifying damages from these attacks and compares the tangible and intangible costs of these attacks. This research also develops a risk management system for information systems security incidents in five stages: 1- Resource and application value analysis, 2- Vulnerability and risk analysis, 3- Computation of losses due to threats and benefits of control measures, 4- Selection of control measures, and 5- Implementation of alternatives. The outcome of this research should help decision makers to select the appropriate control measure(s) to minimize damage or loss due to security incidents. Finally, some recommendations for future work are provided to improve the management of security in organizations.

Business

Information systems

Risk

Security

Effects of Information Technology Risk Management and Institution Size on Financial Performance

Barrett, Shaun D'olene Kecia

01 January 2016

A negative relationship exists between unmanaged IT risk and financial performance of institutions of varying sizes. The purpose for this quantitative correlation study was to examine the relationship between IT risk management, institution size, and the financial performance of credit unions in Jamaica. Information Systems Audit and Control Association (ISACA) risk IT model provided the theoretical framework for the study. Audited financial statements and a web-based survey provided data for this study. One hundred and thirty employees from 13 credit unions in Jamaica participated in the study. Results of the multiple regression tests confirmed a statistically significant relationship between IT risk management, institution size, and the financial performance of Jamaican credit unions, F (2, 99) = 46.861, p = 0.000, R2 = .486. Institution size was a statistically significant predictor of financial performance (beta = -.637, p = .000). IT risk management initiatives did not provide any significant variation (beta = .139, p = .074) in financial performance. Research findings may lead to more effective and efficient operations of Jamaican credit unions and improvement in their financial performance, which could result in positive social change through the increases in corporate social contributions, the payment of dividends, and the offer of affordable product and services for over 1 million Jamaican credit union members.

credit unions

credit unions in Jamaica

Information systems risk management

IT risk management

jamaica

Databases and Information Systems