Risk Analysis for Information Technology

As Information Technology (IT) has become increasingly important to the competitive position of firms, managers have grown more sensitive to their organization's overall IT risk management. Recent pUblicity concerning losses incurred by companies because of problems with their sophisticated inf...

Full description

Saved in:
Bibliographic Details
Published in:Journal of management information systems 1991-07, Vol.8 (1), p.129-147
Main Authors: Rainer, Rex Kelly, Snyder, Charles A., Carr, Houston H.
Format: Article
Language:English
Subjects:
Ales
computer security
Estimation methods
Information management
Information storage and retrieval systems
Information technology
Management information systems
MIS risk analysis
Process management
Questionnaires
Risk analysis
Risk management
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:As Information Technology (IT) has become increasingly important to the competitive position of firms, managers have grown more sensitive to their organization's overall IT risk management. Recent pUblicity concerning losses incurred by companies because of problems with their sophisticated information systems has focused attention on the importance of these systems to the organization. In an attempt to minimize or avoid such losses, managers are employing various qualitative and quantitative risk analysis methodologies. The risk analysis literature, however, suggests that these managers typically utilize a single methodology, not a combination of methodologies. This paper proposes a risk analysis process that employs a combination of qualitative and quantitative methodologies. This process should provide managers with a better approximation of their organization's overall information technology risk posture. Practicing managers can use this proposed process as a guideline in formulating new risk analysis procedures and/or evaluating their current risk analysis procedures.
ISSN:0742-1222
1557-928X
DOI:10.1080/07421222.1991.11517914