Three Dimensions of Risk Management (Information Systems Risk Management)

Risk considerations during the development and implementation of information systems
The importance of information systems risk management
A summary of the organizational risk management framework
The risk register of the highest risk of information security to the organization

Information systems are a set of hardware and software components that help collect, organize, process, and store data, and provide information, digital products, and knowledge. In the development and implementation of an information system, there are some risks to consider. These risks include the possibility of hardware and software failure, from a power shortage or data corruption. Another risk is computer code that spreads from one computer to another, thereby disrupting system operations; such code is termed a computer virus. There may also be the risk of lacking expert resources and having insufficient skilled human resources during the implementation. Other hazards include malware, spam, human error, and even natural disasters such as floods and wildfires (Mayer & Feltus, 2017).


The importance of information system risk management lies in reducing cyber-attacks and keeping the system from being vulnerable. It also helps with data security, and finally, it controls the possibilities arising from third-party vendors by addressing the company's uncertainties and ensuring the business goal (Rajaonah, 2017). The most common frameworks include the ISO 31000 series and the Committee of Sponsoring Organizations of the Treadway Commission (COSO).

In summary, a risk management framework should consist of structured principles that have the attributes of the various kinds of risk management, and of a framework with components; these entail the plan, implementation, mandate, improvements, and checks. The framework must also have consultation and communication methods, risk assessment methods, methods of treatment, and system monitoring. Finally, in risk management, there must be a risk register: a tool in the risk management project that helps identify possible risks in an organization that can hinder the intended outcome. The register involves identifying, assessing, and treating the risks. All these are to secure the assets of the organization (Dreyfuss & Giat, 2016).

References

Dreyfuss, M., & Giat, Y. (2016). Identifying security risk modules in a university’s information system. In Proceedings of Informing Science & IT Education Conference (Vol. 2016, pp. 41-51).

Mayer, N., & Feltus, C. (2017, October). Evaluation of the risk and security overlay of archimate to model information system security risks. In 2017 IEEE 21st International Enterprise Distributed Object Computing Workshop (EDOCW) (pp. 106-116). IEEE.

Rajaonah, B. (2017). A view of trust and information system security under the perspective of critical infrastructure protection.
