An empirical study of users as application developers
Information and Management - Annals of discrete mathematics, 24
Datamation
Journal of Accountancy
The growing risks of information systems success
MIS Quarterly
Managing personal computer use: the role of corporate management information systems
Journal of Management Information Systems
Design and protection of an information network under a partial ordering: a case study
Computers and Security
The human immune system as an information systems security reference model
Computers and Security
Corporate Information Systems Management: The Issues Facing Senior Executives
Corporate Information Systems Management: The Issues Facing Senior Executives
Attention-shaping tools, expertise, and perceived control in IT project risk assessment
Decision Support Systems
Journal of Management Information Systems
Structural equation model for EDI controls: Controls design perspective
Expert Systems with Applications: An International Journal
Intrusion Prevention in Information Systems: Reactive and Proactive Responses
Journal of Management Information Systems
Understanding the Value of Countermeasure Portfolios in Information Systems Security
Journal of Management Information Systems
Decision-Theoretic and Game-Theoretic Approaches to IT Security Investment
Journal of Management Information Systems
Towards formulation of software project risk radars
International Journal of Business Information Systems
An information systems security risk assessment model under uncertain environment
Applied Soft Computing
RiskM: A multi-perspective modeling method for IT risk assessment
Information Systems Frontiers
Understanding IT project risks as disturbances to digital ecosystems
Proceedings of the International Conference on Management of Emergent Digital EcoSystems
General drawing of the integrated framework for security governance
KES'06 Proceedings of the 10th international conference on Knowledge-Based Intelligent Information and Engineering Systems - Volume Part I
The risk identification and assessment in e-business development
FSKD'05 Proceedings of the Second international conference on Fuzzy Systems and Knowledge Discovery - Volume Part II
Security engineering methodology based on problem solving theory
ICCSA'06 Proceedings of the 2006 international conference on Computational Science and Its Applications - Volume Part IV
Fuzzy risk analysis of flood disasters based on diffused-interior-outer-set model
Expert Systems with Applications: An International Journal
CISIM'12 Proceedings of the 11th IFIP TC 8 international conference on Computer Information Systems and Industrial Management
Information Technology Portfolio Management: Literature Review, Framework, and Research Issues
Information Resources Management Journal
Cyber-risk decision models: To insure IT or not?
Decision Support Systems
| Hi-index | 0.00 |
As Information Technology (IT) has become increasingly important to the competitive position of firms, managers have grown more sensitive to their organization's overall IT risk management. Recent publicity concerning losses incurred by companies because of problems with their sophisticated information systems has focused attention on the importance of these systems to the organization. In an attempt to minimize or avoid such losses, managers are employing various qualitative and quantitative risk analysis methodologies. The risk analysis literature, however, suggests that these managers typically utilize a single methodology, not a combination of methodologies. This paper proposes a risk analysis process that employs a combination of qualitative and quantitative methodologies. This process should provide managers with a better approximation of their organization's overall information technology risk posture. Practicing managers can use this proposed process as a guideline in formulating new risk analysis procedures and/or evaluating their current risk analysis procedures.