Your search keyword '"IT risk"' showing total 26 results

1. Inference on Business Best Practices Affinity Despite Conceptual AI Exposure.

Author

Robinson, Rachel John

Subjects

ARTIFICIAL intelligence, INFORMATION technology, DATA security failures, SENIOR leadership teams, RISK management in business

Abstract

The background of the study was the experience of the major difficulties that IT compliance professionals face in light of emerging technologies like Artificial Intelligence (AI). For this purpose, an in-depth analysis of the current situation and future focus points are provided by a prime coverage of 1,000 survey respondents who are industry cyber practitioners. One in two businesses with between 1000-5000 workers experienced a security breach in 2022, showing that threat actors are still driven to obtain valuable and sensitive data. In contrast to last year's 35% and 57%. Firms anticipate spending more effort on risk compliance management in 2023. The chosen methodology for analyzing this topic is a qualitative retrospective casual comparative positivism approach. Through this analysis, the paper aims to determine whether the C-Suite and board are actively addressing the escalating incidents of security breaches. It is widely recognized that businesses are prepared to enhance their risk and compliance management practices in the future. The paper intends to provide conclusive insights into the current handling of risk and compliance, with indications that these areas are often managed independently and in isolation. Further details on these findings will be presented in the paper. [ABSTRACT FROM AUTHOR]

Published

2023

2. Viable IT Risk Management System by Viable System Model (VSM): Action Research for Managing IT-related Risk in the Banking Service.

Author

Arghand, Ali Akbar

Subjects

*ACTION research, *SCIENTIFIC models, *BANKING industry, *RISK management in business

Abstract

In recent years, some standards and frameworks proposed the risk management structures for managing and controlling IT risk that is the main component of enterprise governance of IT. Unfortunately, these frameworks have a retrospective view of threat analysis and less pay attention to future threats in the business environment, and do not propose adaptable solutions. At the same time, the current risk framework is not based on a strong scientific system modeling. In this research, the researcher proposed the Viable System Model (VSM) as an adaptable and comprehensive framework that is based on scientific modeling with the systematic approach for managing and controlling IT risk in today's complex business environment. This research did in a systematic action research methodology in the banking context in Iran. The results showed that by applying the VSM as a framework for managing IT risk, adaptability of IT risk criteria according to the future threats can be achieved by this framework. A comprehensive risk management framework (retrospective and prospective view) with a systematic approach could be achieved by this system modeling. [ABSTRACT FROM AUTHOR]

Published

2022

3. IT risk management: interrelationships based on strategy implementation

Author

Edirisinghe Vincent, Nishani and Pinsker, Robert

Published

2020

4. AUDIT TATA KELOLA TEKNOLOGI INFORMASI PERUSAHAAN PERBANKAN SKALA KECIL MENGGUNAKAN FRAMEWORK COBIT.

Author

Surya, Rendra Trisyanto, Suwondo, Sulistia, Hadiani, Fatmi, and Hutapea, Riauli Susilawaty

Abstract

Backround: The development of Information Technology is now an enabler of organizations, including banking. More than 80% of banking activities are carried out using information technology, including small-scale banks with the support of simple IT infrastructure such as those located in various regions in Indonesia, including the city of Garut. Purpose: This study aims to map out what important IT processes must be managed properly by small-scale banks against their current maturity value. Including determining how big the level of maturity of the Domain and the overall IT management of Small-Scale Banks today. Method: The research method used is qualitative by using a scoring method in the form of quantitative data to measure 7 IT Processes used from the COBIT Framework, which are close to the IT conditions at Bank "X". Results: The results of the audit conducted in this study, indicate that the sampled Bank "X" has an overall Information Technology Governance Maturity Level of 4.3. This means that IT Management has been implemented internally (Managed and Measurable). There is already a certain pattern that is implemented systematically in controlling IT Risk and ongoing disturbances (Problems/Incidents) that significantly affect the Bank's operations. Conclusion: Based on the results of an audit of IT Governance at Bank "X", the results of the overall governance maturity level are at level 4, namely Managed and Measurable with a score of 4.15. The results of this audit include Domain Planning and Organization, Acquire and Implementation, Delivery and Support and Monitoring and Evaluation. [ABSTRACT FROM AUTHOR]

Published

2022

5. An effective approach to mobile device management: Security and privacy issues associated with mobile applications

Author

Darren Hayes, Francesco Cappa, and Nhien An Le-Khac

Subjects

Mobile applications, Mobile device management, Mobile forensics, Mobile security, Privacy, IT risk, Business, HF5001-6182

Abstract

Consumers and organizations often rely on permissions requested during the installation of mobile applications (apps) and on official privacy policies to determine how safe an app is and decide whether the app producer is acting ethically or not. This research raises several concerns about the collection and sharing of personal data conducted by mobile apps without the knowledge or consent of the user. The findings of this case study research clearly demonstrate that permissions and privacy policies are not enough to determine how invasive an app is. By analysing six popular mobile apps we demonstrate how extensive amounts of data, which go well beyond the permissions requested of the user, are commonly collected. This study illustrates the effectiveness of our proposed approach, which is based upon a static and dynamic analysis, in addition to a review of privacy policy statements. From a corporate perspective, the outcomes of this study are important to understand how many mobile apps put employees, and intellectual property, at risk. Furthermore, we have highlighted how sensitive information being collected may eventually be used in public or private investigations. Moreover, we have also evidenced how the data being collected is contrary to the developers' privacy policies. The results of this study will assist policymakers who may be concerned with consumer privacy and data collection practices.

Published

2020

6. A probabilistic approach to IT risk management in the Basel regulatory framework : A case study

Author

Ibrahimovic, Semir and Franke, Ulrik

Published

2017

7. IT Risk and Chaos Theory: Effect on the Performance of South African SMEs

Author

Anass Bayaga, Stephen Flowerday, and Liezel Cilliers

Subjects

SMEs, change management, operational risk, chaos theory, IT risk, Information technology, T58.5-58.64, Communication. Mass media, P87-96

Abstract

The purpose of the research was to investigate the relationship between information technology (IT) operations risk management (ORM) and small to medium enterprises' (SMEs) performance. Following a review of the literature, a questionnaire was developed with the aim of addressing the research purpose. A simple random sampling technique was used to sample 107 respondents in a financial SME. In order to determine the percentage contribution of some of the identified significant predictors of challenges posed by ORM solutions, multiple regression analysis was used. The percentage distribution revealed that only one variable made a significant contribution: "The way in which end-users deal with the implementation of IT projects". The results additionally revealed that the variable contributed approximately 88.4% of the variations in the level of variables that enhance SMEs' performance. The analysis of variance also revealed that the regression coefficients were real and did not occur by chance. The recommendation of the study is that SMEs should improve the way they deal with the implementation of IT projects in order to address ORM.

Published

2017

8. Unternehmensarchitekturen aus Sicht von IT-Risikomanagement und IT-Revision.

Author

Knoll, Matthias

Abstract

Copyright of HMD: Praxis der Wirtschaftsinformatik is the property of Springer Nature and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)

Published

2018

9. IT RISK MANAGEMENT AND APPLICATION PORTFOLIO MANAGEMENT.

Author

A. L., Kovácsné Mozsár and P., Michelberger

Subjects

RISK management in business, PORTFOLIO management (Investments), FINANCIAL risk management, PORTFOLIO diversification, INVESTMENTS

Abstract

Copyright of Polish Journal of Management Studies is the property of Czestochowa University of Technology, Faculty of Management and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)

Published

2018

10. Интеграция на процесите по управление на риска в дейността на ИТ фирмите

Author

Стоев, Стойчо

Abstract

Risk management should be part of any software development project and the integration of its management processes into the IT business. This leads to successful software development and improvement of the organizational activity of the IT company. In the area of risk management, we define two main levels: strategic and operational. Different processes are differentiated depending on their application in the design, implementation and maintenance stages of software products. It presents the attitude of the individual processes in risk management in the field of IT companies. [ABSTRACT FROM AUTHOR]

Published

2017

11. Do IT matters matter? IT-related key audit matters in Dutch annual reports.

Author

Sneller, Lineke, Bode, Ries, and Klerkx, Arnoud

Subjects

*FINANCIAL crises, *FINANCIAL statements, *INFORMATION economy, *STAKEHOLDERS, *AUDITING of corporations

Abstract

After the recent financial crises, regulators have started reform projects for the auditor's report, the part of a company's financial statements that presents the auditor's opinion. One of the reforms is the transition from a standardised auditor's report without any company-specific information to a report that discloses company-specific information in the so-called key audit matters, significant risks of material misstatement in the company's financial statements. In this paper, we investigate whether a specific subset of the key audit matters, namely those that are IT-related, can be a useful source of company-specific information. Information on IT is important for stakeholders: research in the past decades has shown that IT can potentially disrupt industries, affect a company's stock market value, create risks for a company's continuity, or endanger the integrity of the financial statements. Company-specific information on IT is therefore relevant, but it is also scarce, as there are hardly any mandatory disclosures and companies do not frequently disclose IT-related information voluntarily. IT-related key audit matters could fill a gap in information availability for stakeholders such as investors, auditors and academics. We study the auditor's reports in the financial statements of the companies list on the main Dutch stock market, the AEX. This Dutch market regulator has been a frontrunner for the implementation of the new auditor's report: disclosure of key audit matters has been voluntary in 2012, and mandatory since 2013. In the 75 annual reports, we identify 255 key audit matters, 39 of which were IT-related. We find that the IT-related key audit matters already contain useful information for investors. However, both auditors and academics can play a role in further development of the value of key audit matter disclosures. We argue that auditors may need to pay more attention to high-risk areas such as cyber security. We encourage academics to identify and design innovations of the auditor's report proactively. [ABSTRACT FROM AUTHOR]

Published

2017

12. Change Management in Information Asset.

Author

Eachempati, Prajwal

Subjects

CHANGE management, DIGITAL asset management, INFORMATION technology, CLOUD storage, INFORMATION storage & retrieval systems

Abstract

We are passing through information age with lightning communication speed. Information asset storage in Cloud and retrieval in the net has become the new invisible corporate voyage into the information space. Information Assets are a valuable source of Knowledge for both Information asset creator as well as the user. These are fluid assets that change overtime based on several internal and environmental factors! This paper seeks to address these aspects of Change that impacts such "fluid" Information Assets and the need to raise up to the changing expectations of the millions of users by satisfying the ever growing information hungry businesses. Providing unreliable information and suboptimal analytical tools can destroy the user in the first instance and can lead to self-destruction as Information asset provider will find no takers in the long run. In this context this assorted information on Change management is chosen carefully and it is hoped, will benefit the reader who may be a technical expert in his field. [ABSTRACT FROM AUTHOR]

Published

2017

13. IT-Risikomanagement im Zeitalter der Digitalisierung.

Author

Knoll, Matthias

Published

2017

14. Audit Methodology for IT Governance

Author

Mirela GHEORGHE

Subjects

IT Governance, Corporate Governance, IT Audit Process, IT Risk, Computer engineering. Computer hardware, TK7885-7895, Bibliography. Library science. Information resources

Abstract

The continuous development of the new IT technologies was followed up by a rapid integration of them at the organization level. The management of the organizations face a new challenge: structural redefinition of the IT component in order to create plus value and to minimize IT risks through an efficient management of all IT resources of the organization. These changes have had a great impact on the governance of the IT component. The paper proposes an audit methodology of the IT Governance at the organization level. From this point of view the developed audit strategy is a strategy based on risks to enable IT auditor to study from the best angle efficiency and effectiveness of the IT Governance structure. The evaluation of the risks associated with IT Governance is a key process in planning the audit mission which will allow the identification of the segments with increased risks. With now ambition for completeness, the proposed methodology provides the auditor a useful tool in the accomplishment of his mission.

Published

2010

15. Response to potential information technology risk: Users’ valuation of electromagnetic field from mobile phones.

Author

Jung, Yoonhyuk and Kim, Seongcheol

Subjects

INFORMATION technology, DATA privacy, DATA security, ELECTROMAGNETIC fields, CELL phones, APPROXIMATION theory, PHYSIOLOGY

Abstract

As information technologies have become embedded in daily life, end-users encounter unexpected dangers from using IT. Electromagnetic field (EMF) risk from mobile phones is an example of those dangers. In this paper, we explore how much users value their tolerance of EMF risk by scrutinizing their preference structure of mobile phone devices. The preference structure was generated from conjoint analysis including three attributes of mobile phone devices: brand, price, and electromagnetic emission. In addition, we examined four groups which were clustered based upon their preference structure. Results show that the risk is differently perceived by user clusters and approximately 80% of respondents are likely to change their mobile phone brands for better protection from EMF risk. [ABSTRACT FROM AUTHOR]

Published

2015

16. IT risk identification process analysis / IT rizikos identifikavimo proceso analizė

Author

Rasma Janeliūnienė and Vida Davidavičienė

Subjects

IT risk, IT risk identification, IT risk management, information technology, Technology, Science

Abstract

Business processes and business success that depends on information technology (IT) is now closely associated with IT risks, which is influenced by growing IT risk management and control needs. It is vitally important to identify, analyse and reduce systemic risk in order to avoid undesirable consequences, such as information loss, data leaks or damage. A critical success factor in this situation is the systematic and continuous IT risk management. This paper aims to analyse one part of the IT risk management process –risk identification. The article invoked the methods of literature analysis, synthesis, comparison, and generalization. Santrauka Išaugusi verslo procesų, kartu ir verslo sėkmės, priklausomybė nuo informacinių technologijų (IT) šiuo metu yra glaudžiai susijusi su IT rizika. Tai daro įtaką augančiam IT rizikos valdymo ir kontrolės poreikiui. Nepaneigtina tai, kad identifikuota, išanalizuota ir sumažinta sistemos rizika leidžia išvengti nepageidaujamų pasekmių, tokių kaip informacijos praradimas, nutekėjimas ar duomenų sugadinimas. Pagrindinis sėkmės veiksnys siekiant užtikrinti organizacijos sėkmę valdant IT yra sistemingas ir tęstinis IT rizikos valdymas. Straipsnyje keliamas tikslas išanalizuoti vieną iš IT rizikos valdymo proceso etapų – rizikų identifikavimą. Straipsnyje pasitelkiami tokie metodai, kaip mokslinės literatūros analizė, sisteminimas, apibendrinimas. Reikšminiai žodžiai: IT rizika, IT rizikos identifikavimas, IT rizikos valdymas, informacinės technologijos.

Published

2013

17. Hacia un modelo para la gestión de riesgos de TI en MiPyMEs: MOGRIT.

Author

Vanegas Devia, Gonzalo Andrés and Jesús Pardo, César

Abstract

Copyright of Sistemas & Telemática is the property of Universidad ICESI and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)

Published

2014

18. INSURANCE AS A TOOL TO LIMIT CORPORATE FINANCIAL LOSSES RESULTED BY IT RISK MATERIALIZATION.

Author

Pukala, Ryszard

Subjects

INSURANCE, BUSINESS losses, INFORMATION technology, MARKET volatility, RISK management in business

Abstract

Copyright of Economic Annals-XXI / Ekonomìčnij Časopis-XXI is the property of Institute of Society Transformation and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)

Published

2014

19. IT RIZIKOS IDENTIFIKAVIMO PROCESO ANALIZĖ.

Author

Janeliūnienė, Rasma and Davidavičienė, Vida

Subjects

*INFORMATION technology, *BUSINESS success, *RISK management in business, *CRITICAL success factor, *RISK assessment

Abstract

Business processes and business success that depends on information technology (IT) is now closely associated with IT risks, which is influenced by growing IT risk management and control needs. It is vitally important to identify, analyse and reduce systemic risk in order to avoid undesirable consequences, such as information loss, data leaks or damage. A critical success factor in this situation is the systematic and continuous IT risk management. This paper aims to analyse one part of the IT risk management process -risk identification. The article invoked the methods of literature analysis, synthesis, comparison, and generalization. [ABSTRACT FROM AUTHOR]

Published

2013

20. EMERGING IT RISKS - ARE WE PREPARED TO PROPER REACT?

Author

Stanciu, Victoria and Bran, Florin Paul

Subjects

RISK management in business, INNOVATIONS in business, BUSINESS models, COMPUTER crimes, CORPORATE governance, BUSINESS development, INFORMATION technology, ECONOMIC competition, RISK perception

Abstract

IT based businesses require an attentive risk management process. As a result of the innovations in business models and the permanent updates in IT infrastructure aiming at developing and strengthen the companies' activities new emerging risk are registered. The companies must treat information technology in its dual approach: the competitive advantage brought in business development and market recognition and emerging risks determined by the technologic development. Managing risks, of all kind, is the key of success. The risks must be monitored and the new threats arising from the new IT solutions must find their correspondent in security policies and solutions. The present paper aims at emphasizing the importance of IT in the business development and management and signaling the importance of a holistic approach in the governance process. The empirical research has focused on the IT security policies' adjustment to the new IT developments imbedded in the businesses' processes and IT governance response to the companies needs. [ABSTRACT FROM AUTHOR]

Published

2012

21. IT SOLUTIONS FOR IMPROVING RISK MANAGEMENT.

Author

STANCIU, Victoria and BRAN, Florin Paul

Subjects

RISK management in business, BANKING industry, BUSINESS enterprises, OPERATIONAL risk, FINANCIAL risk management, INFORMATION technology, MANAGEMENT information systems

Abstract

Risk management has proven to be one of the most important success factors of the banks and any organization, regardless of the sector in which they operate. Integrated approach to risk and focus on operational risk management were priorities for the past years. Growing dependence of bank activities on information systems determined new IT risk approaches and involving of banks management executives in IT risk management, today addressed as business risks. This paper presents research results of authors on how to improve operational risk management and also of IT risk, highlighting the impact of an mismanagement of IT risk on bank activities and the need for a global risk management regardless of their nature due to multiple interdependencies between them. [ABSTRACT FROM AUTHOR]

Published

2011

22. Audit Methodology for IT Governance.

Author

Gheorghe, Mirela

Subjects

INFORMATION technology, AUDITING, ACCOUNTING, AUDITORS, CORPORATE governance, STRATEGIC planning, RISK management in business, ORGANIZATIONAL effectiveness, INDUSTRIAL management

Abstract

The continuous development of the new IT technologies was followed up by a rapid integration of them at the organization level. The management of the organizations face a new challenge: structural redefinition of the IT component in order to create plus value and to minimize IT risks through an efficient management of all IT resources of the organization. These changes have had a great impact on the governance of the IT component. The paper proposes an audit methodology of the IT Governance at the organization level. From this point of view the developed audit strategy is a strategy based on risks to enable IT auditor to study from the best angle efficiency and effectiveness of the IT Governance structure. The evaluation of the risks associated with IT Governance is a key process in planning the audit mission which will allow the identification of the segments with increased risks. With now ambition for completeness, the proposed methodology provides the auditor a useful tool in the accomplishment of his mission. [ABSTRACT FROM AUTHOR]

Published

2010

23. A Psychometric Study of Information Technology Risks in the Workplace.

Author

Coles, Robert and Hodgkinson, Gerard P.

Subjects

INFORMATION technology, MULTIDIMENSIONAL scaling, RISK assessment, RISK perception, WORK environment, ORGANIZATIONAL behavior

Abstract

As organizations become increasingly reliant on information technology (IT) they are exposed to a growing number of risks. Surprisingly, however, very few studies to date have investigated the psychometric representation of IT risks, and none have been undertaken in the workplace. Accordingly, the present study was designed to map the judgments of a representative group of workplace IT users. Fifty-seven participants evaluated 18 IT risk scenarios by means of 13 bipolar attribute-rating scales. Profile proximities derived from the raw data were submitted to a weighted multidimensional scaling analysis. The results indicated that a six-dimensional solution was required on both statistical and conceptual grounds to represent adequately the participants' judgments. The dimensions reflected the extent to which the various risk scenarios were perceived as: (1) serious or minor in nature; (2) having a high or low probability of occurrence; (3) causing a high or low degree of stress; (4) deliberate or accidental; (5) having an impact on the organization or on individuals; and (6) the product of human or technological causes. The data were also submitted to a series of hierarchical cluster analyses, using a variety of agglomeration techniques. This second approach revealed a robust structure in which the risk scenarios were grouped into two broad categories, based on whether the events depicted would be likely to have a major or minor impact. The major impact category broke down further, into two subcategories, based on whether the scenarios were seen to arise from deliberate causes or through negligence. In conclusion, we consider the implications of our findings for future research, the refinement of IT risk assessment frameworks and tools, and the training of risk management professionals. [ABSTRACT FROM AUTHOR]

Published

2008

24. Risk and Return of Information Technology Initiatives: Evidence from Electronic Commerce Announcements.

Author

Dewan, Sanjeev and Fei Ren

Subjects

INFORMATION technology, INFORMATION & communication technologies, COMPUTER systems, COMPUTER networks, VIRTUAL communications, ELECTRONIC commerce

Abstract

This paper takes an event study approach to jointly examine the wealth and risk effects associated with electronic commerce announcements, contributing to the emerging research on the riskiness of IT investments and the trade-off between risk and return in the information systems literature. We estimate a generalized event study model that allows for both systematic and unsystematic risk changes on data collected for electronic commerce announcements in the 1996-2002 time frame. A striking result emerging from our analysis is that wealth effects are not significant after controlling for contemporaneous risk changes. Both total and unsystematic risk show a significant postevent increase in 1998 and 2000, whereas systematic risk adjusts downward in 1996 and 2002. Put together, our results contribute to our nascent understanding of how IT initiatives affect the risk-return profile of the firm. [ABSTRACT FROM AUTHOR]

Published

2007

25. The consistency analysis of failure mode and effect analysis (FMEA) in information technology risk assessment.

Author

Subriadi AP and Najwa NF

Abstract

FMEA is as a method for assessing IT risks. This research aimed to examine the consistency of both traditional FMEA and improved FMEA in IT risk assessment. Improved FMEA is the result of a synthesis framework to minimize consistency in traditional FMEA. Two sets of action research cycles (plan, act, observe, reflect) were applied in this research. Action Research 1 was used to examine and prove the consistency of traditional FMEA. On the other hand, Action Research 2 was applied to examine the consistency of improved FMEA. Tests were carried out by two different teams in the same case study. The consistency was observed in the gap of the RPN results in both teams, and the differences result in both action research cycles. Action Research 1 proved that traditional FMEA was not consistent. The gap in the amount of risk at a very high level was four risks. However, Action research 2 had the same amount of risk at a very high level. Based on the correlation test, the consistency of action research 1 was 0.848 (very large correlation), and the action research 2 was 0.937 (near-perfect correlation). The consistency of improved FMEA proved to be more consistent than traditional FMEA. The limitation of this study was memory issues because both action research cycles were carried out by the same team and with similar case studies. Further research is expected to compare traditional FMEA and improved FMEA in different case studies. The theoretical contribution was the improved FMEA synthesis based on limitations of traditional FMEA. The FMEA team may use Improved FMEA Framework., (© 2020 The Author(s).)

Published

2020

26. Investigating the Risk-Return Relationship of Information Technology Investment: Firm-Level Empirical Analysis

Author

Dewan, Sanjeev, Shi, Charles, and Gurbaxani, Vijay

Published

2007