AFIPS '80 Proceedings of the May 19-22, 1980, national computer conference
The IS risk analysis based on a business model
Information and Management
Risk analysis for information technology
Journal of Management Information Systems
Toward an assessment of software development risk
Journal of Management Information Systems - Special section: Strategic and competitive information systems
Attention-shaping tools, expertise, and perceived control in IT project risk assessment
Decision Support Systems
Journal of Management Information Systems
Network externalities, layered protection and IT security risk management
Decision Support Systems
Understanding the Value of Countermeasure Portfolios in Information Systems Security
Journal of Management Information Systems
An information systems security risk assessment model under uncertain environment
Applied Soft Computing
A qualitative analysis of effects of security risks on architecture of an information system
ACM SIGSOFT Software Engineering Notes
Hi-index | 0.00 |
Auditors and systems analysts are increasingly called upon to determine the impact of a disaster striking the computer system. Current risk analysis methods rely on some variation of expected value analysis. The expected value method suffers from serious drawbacks in this application because probabilities of disaster are difficult to estimate and the loss distributions are likely to be highly skewed. This article presents an improved methodology for dealing with EDP risk analysis and contingency planning. It is based on the concept of stochastic dominance and it provides a more accurate comparison of the various contingency plans by dealing with estimates of the entire loss distribution. This methodology also focuses on the differences between contingency plans, rather than on the cause of the disaster. The application of this methodology is illustrated for the case of a hypothetical medium-sized bank using aggregated data.