The Information Systems risk analysis based on a business model

The Information Systems risk analysis based on a business model

0.00 Avg rating0 Votes
Article ID: iaor2004963
Country: Netherlands
Volume: 41
Issue: 2
Start Page Number: 149
End Page Number: 158
Publication Date: Dec 2003
Journal: Information and Management
Authors: ,
Keywords: risk, computers: information, decision theory: multiple criteria, analytic hierarchy process
Abstract:

The disruption of operations due to IS failure becomes more important as IS has become an increasingly essential component of the organization's operations and can affect its strategic objectives. Nevertheless, traditional IS risk analysis methods do not adequately reflect the loss from disruption of operations in determining the value of IS assets. Quantitative methods do not measure the loss from disruption of operations. Qualitative methods consider the loss, but their results are subjective and not suitable for cost–benefit decision support. There is a lack of systematic methods to measure the value of IS assets from the viewpoint of operational continuity. The study presents an IS risk analysis method based on a business model. The method uses a systematic quantitative approach dealing with operational continuity: the importance of various business functions and the necessity level of various assets are first determined. The value of each asset is then determined based on these two levels. The proposed method adds the first stage, organizational investigation, to traditional risk analysis. The process of the method utilizes various methodologies such as paired comparison, asset–function assignment tables, and asset dependency diagrams.

Reviews

Required fields are marked *. Your email address will not be published.