The IS risk analysis based on a business model

The disruption of operations due to IS failure becomes more important as IS has become an increasingly essential component of the organization's operations and can affect its strategic objectives. Nevertheless, traditional IS risk analysis methods do not adequately reflect the loss from disruption of operations in determining the value of IS assets. Quantitative methods do not measure the loss from disruption of operations. Qualitative methods consider the loss, but their results are subjective and not suitable for cost-benefit decision support. There is a lack of systematic methods to measure the value of IS assets from the viewpoint of operational continuity. This study presents an IS risk analysis method based on a business model. The method uses a systematic quantitative approach dealing with operational continuity: the importance of various business functions and the necessity level of various assets are first determined. The value of each asset is then determined based on these two levels. The proposed method adds the first stage, organizational investigation, to traditional risk analysis. The process of the method utilizes various methodologies such as paired comparison, asset-function assignment tables, and asset dependency diagrams. (C) 2003 Elsevier Science B.V. All rights reserved.
Publisher
ELSEVIER SCIENCE BV
Issue Date
2003-12
Language
ENG
Keywords

INFORMATION-SYSTEMS; MANAGEMENT

Citation

INFORMATION & MANAGEMENT, v.41, pp.149 - 158

ISSN
0378-7206
URI
http://hdl.handle.net/10203/3686
Appears in Collection
KGSF-Journal Papers(저널논문)
  • Hit : 397
  • Download : 98
  • Cited 0 times in thomson ci
This item is cited by other documents in WoS
⊙ Detail Information in WoSⓡClick to seewebofscience_button
⊙ Cited 31 items in WoSClick to see citing articles inrecords_button

qr_code

  • mendeley

    citeulike


rss_1.0 rss_2.0 atom_1.0