 Issues IT risk management educational institutionsAnna Lavrentieva ()
Published Papers from Russian Presidential Academy of National Economy and Public Administration Abstract: IT-risks associated with the creation, transmission, storage and use of information through electronic media and other means of communication. A threat can present technical problems, data inconsistencies in different systems, unlimited employee access to information, virus attacks. Categories of IT risks: risks caused by leakage of information, including unauthorized access by employees and students, and risks of technical failures in the information transmission channels, which. Management of IT risk is based on standard strategies: rejection of the risk; evasion from risks; responsibility for the risk with a guarantee of full compensation for the expense of own funds of the organization; the allocation of risk among direct participants of educational process organization; the transfer of responsibility for a risk to another person; reduce the possible negative consequences of risk through preventive measures. The principles of successful prevention of IT risks: limited access of staff to information systems and documents of institutions in accordance with the authority and competence; tight control of access to information and uninterrupted operation of information systems, which directly influence the activities of the institution. Outside or inside the object, there may be reasons that cause the occurrence of a risk or threat an event that could cause harm to the object. Experts use tabular methods to information risk assessment. Best practices in quantitative indicators of existing or proposed physical resources of the institution are evaluated from the point of view of the cost of replacing or restoring the health of the resource, by analogy, the program resources are evaluated using the definition of the acquisition costs or rehabilitation. Most popular among the methodologies for risk assessment have received the method of "risk matrix". This is a fairly simple method of risk analysis. In the evaluation process experts determined the likelihood of each risk and the size of the losses (cost of risk). When the risk assessment uses two basic parameters — the probability of occurrence and level of damage. The accuracy of their measurement depends on the accuracy of the estimation and respectively the choice of the solution. The problem is that it risks impossible to obtain all the necessary data for his analysis. With this in mind, in the mechanism of forming of expert estimations. There is a mechanism for obtaining risk assessments based on fuzzy logic. The mechanism of risk assessment based on fuzzy logic is essentially an expert system. There are following approaches of software analysis tools risk: obtain risk assessments only on a qualitative level; the output of quantitative risk assessments based on qualitative, obtained from experts; obtaining accurate quantitative estimates for each risk. Keywords: information and telecommunication risks (IT risk); category IT-risks; basic strategies of risk management; approaches to software development risk analysis (search for similar items in EconPapers) Downloads: (external link) Related works: Export reference: BibTeX RIS (EndNote, ProCite, RefMan) HTML/Text Persistent link: https://EconPapers.repec.org/RePEc:rnp:ppaper:lavrpc Access Statistics for this paper More papers in Published Papers from Russian Presidential Academy of National Economy and Public Administration Contact information at EDIRC. |
Is your work missing from RePEc? Here is how to contribute.
Questions or problems? Check the EconPapers FAQ or send mail to .
EconPapers is hosted by the
School of Business at Örebro University.