 Including technical and security risks in the management of information systems: A programmatic risk management modelRobin L. Dillon and M. Elisabeth Paté‐Cornell Systems Engineering, 2005, vol. 8, issue 1, 15-28 Abstract: Developing and managing information systems have always been challenging, but increased security concerns and tighter budget resources have made these tasks even more difficult in recent years. Increased networking, mobility, and telecommuting, while beneficial to business productivity, have introduced serious technical issues and potential security problems. The software risk assessment literature has focused primarily on managerial risks, while security risk models have generally excluded these risks and the associated implementation costs. In addition, the social components of decision‐making under risk (e.g., a corporate culture that rewards only on‐time, on‐budget software delivery) have proven to be a primary risk driver in many environments. On the basis of a high‐level risk analysis model, this paper provides a framework that permits assessment and management of the critical risks of technical failures and security breaches of information systems, in conjunction with the managerial risks of exceeding the levels of resources allocated to their development. To do so, we consider explicitly the tradeoffs involved and the effects of resource constraints on system reliability and security. © 2004 Wiley Periodicals, Inc. Syst Eng 8: 15–28, 2005 Date: 2005 Downloads: (external link) Related works: Export reference: BibTeX RIS (EndNote, ProCite, RefMan) HTML/Text Persistent link: https://EconPapers.repec.org/RePEc:wly:syseng:v:8:y:2005:i:1:p:15-28 Access Statistics for this article More articles in Systems Engineering from John Wiley & Sons |
Is your work missing from RePEc? Here is how to contribute.
Questions or problems? Check the EconPapers FAQ or send mail to .
EconPapers is hosted by the
School of Business at Örebro University.