Printed from https://ideas.repec.org/a/wly/syseng/v8y2005i1p15-28.html

Including technical and security risks in the management of information systems: A programmatic risk management model

Author

Listed:
  • Robin L. Dillon
  • M. Elisabeth Paté‐Cornell

Abstract

Developing and managing information systems have always been challenging, but increased security concerns and tighter budget resources have made these tasks even more difficult in recent years. Increased networking, mobility, and telecommuting, while beneficial to business productivity, have introduced serious technical issues and potential security problems. The software risk assessment literature has focused primarily on managerial risks, while security risk models have generally excluded these risks and the associated implementation costs. In addition, the social components of decision‐making under risk (e.g., a corporate culture that rewards only on‐time, on‐budget software delivery) have proven to be a primary risk driver in many environments. On the basis of a high‐level risk analysis model, this paper provides a framework that permits assessment and management of the critical risks of technical failures and security breaches of information systems, in conjunction with the managerial risks of exceeding the levels of resources allocated to their development. To do so, we consider explicitly the tradeoffs involved and the effects of resource constraints on system reliability and security. © 2004 Wiley Periodicals, Inc. Syst Eng 8: 15–28, 2005

Suggested Citation

  • Robin L. Dillon & M. Elisabeth Paté‐Cornell, 2005. "Including technical and security risks in the management of information systems: A programmatic risk management model," Systems Engineering, John Wiley & Sons, vol. 8(1), pages 15-28.
  • Handle: RePEc:wly:syseng:v:8:y:2005:i:1:p:15-28
    DOI: 10.1002/sys.20016

    Download full text from publisher

    File URL: https://doi.org/10.1002/sys.20016
    Download Restriction: no


    References listed on IDEAS

    1. Ralph L. Keeney, 1982. "Feature Article—Decision Analysis: An Overview," Operations Research, INFORMS, vol. 30(5), pages 803-838, October.
    2. Stanley Kaplan & B. John Garrick, 1981. "On The Quantitative Definition of Risk," Risk Analysis, John Wiley & Sons, vol. 1(1), pages 11-27, March.
    3. Sarma Nidumolu, 1995. "The Effect of Coordination and Uncertainty on Software Project Performance: Residual Performance Risk as an Intervening Variable," Information Systems Research, INFORMS, vol. 6(3), pages 191-219, September.
    4. Samuel E. Bodily, 1992. "Introduction: The Practice of Decision and Risk Analysis," Interfaces, INFORMS, vol. 22(6), pages 1-4, December.
    5. Robin L. Dillon & M. Elisabeth Paté-Cornell & Seth D. Guikema, 2003. "Programmatic Risk Analysis for Critical Engineering Systems Under Tight Resource Constraints," Operations Research, INFORMS, vol. 51(3), pages 354-370, June.

    Citations


    Cited by:

    1. James H. Lambert & Rachel K. Jennings & Nilesh N. Joshi, 2006. "Integration of risk identification with business process models," Systems Engineering, John Wiley & Sons, vol. 9(3), pages 187-198, September.

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Michael Felix Pacevicius & Marilia Ramos & Davide Roverso & Christian Thun Eriksen & Nicola Paltrinieri, 2022. "Managing Heterogeneous Datasets for Dynamic Risk Analysis of Large-Scale Infrastructures," Energies, MDPI, vol. 15(9), pages 1-40, April.
    2. Emanuele Borgonovo & William Castaings & Stefano Tarantola, 2011. "Moment Independent Importance Measures: New Results and Analytical Test Cases," Risk Analysis, John Wiley & Sons, vol. 31(3), pages 404-428, March.
    3. Emanuele Borgonovo & Alessandra Cillo, 2017. "Deciding with Thresholds: Importance Measures and Value of Information," Risk Analysis, John Wiley & Sons, vol. 37(10), pages 1828-1848, October.
    4. M. Elisabeth Paté-Cornell & Robin L. Dillon, 2006. "The Respective Roles of Risk and Decision Analyses in Decision Support," Decision Analysis, INFORMS, vol. 3(4), pages 220-232, December.
    5. Gundula Glowka & Andreas Kallmünzer & Anita Zehrer, 2021. "Enterprise risk management in small and medium family enterprises: the role of family involvement and CEO tenure," International Entrepreneurship and Management Journal, Springer, vol. 17(3), pages 1213-1231, September.
    6. Benischke, Mirko H. & Guldiken, Orhun & Doh, Jonathan P. & Martin, Geoffrey & Zhang, Yanze, 2022. "Towards a behavioral theory of MNC response to political risk and uncertainty: The role of CEO wealth at risk," Journal of World Business, Elsevier, vol. 57(1).
    7. S. Cucurachi & E. Borgonovo & R. Heijungs, 2016. "A Protocol for the Global Sensitivity Analysis of Impact Assessment Models in Life Cycle Assessment," Risk Analysis, John Wiley & Sons, vol. 36(2), pages 357-377, February.
    8. K. Karthikeyan & S. Bharath & K. Ranjith Kumar, 2012. "An Empirical Study on Investors’ Perception towards Mutual Fund Products through Banks with Reference to Tiruchirapalli City, Tamil Nadu," Vision, , vol. 16(2), pages 101-108, June.
    9. Nicola Paltrinieri & Nicolas Dechy & Ernesto Salzano & Mike Wardman & Valerio Cozzani, 2012. "Lessons Learned from Toulouse and Buncefield Disasters: From Risk Analysis Failures to the Identification of Atypical Scenarios Through a Better Knowledge Management," Risk Analysis, John Wiley & Sons, vol. 32(8), pages 1404-1419, August.
    10. Louis Anthony (Tony) Cox, Jr., 2012. "Community Resilience and Decision Theory Challenges for Catastrophic Events," Risk Analysis, John Wiley & Sons, vol. 32(11), pages 1919-1934, November.
    11. Chen, Fuzhong & Hsu, Chien-Lung & Lin, Arthur J. & Li, Haifeng, 2020. "Holding risky financial assets and subjective wellbeing: Empirical evidence from China," The North American Journal of Economics and Finance, Elsevier, vol. 54(C).
    12. D. K. Choudhury, 2019. "Standard Critical Path and Selection of Most Economic and Quality Contractors for Construction of Thermal Power Plant: A Case Study in NTPC," Metamorphosis: A Journal of Management Research, , vol. 18(2), pages 103-118, December.
    13. Niël Almero Krüger & Natanya Meyer, 2021. "The Development of a Small and Medium-Sized Business Risk Management Intervention Tool," JRFM, MDPI, vol. 14(7), pages 1-14, July.
    14. Bent Flyvbjerg & Alexander Budzier & Jong Seok Lee & Mark Keil & Daniel Lunn & Dirk W. Bester, 2022. "The Empirical Reality of IT Project Cost Overruns: Discovering A Power-Law Distribution," Papers 2210.01573, arXiv.org.
    15. James H. Lambert & Rachel K. Jennings & Nilesh N. Joshi, 2006. "Integration of risk identification with business process models," Systems Engineering, John Wiley & Sons, vol. 9(3), pages 187-198, September.
    16. Johnson, Caroline A. & Flage, Roger & Guikema, Seth D., 2021. "Feasibility study of PRA for critical infrastructure risk analysis," Reliability Engineering and System Safety, Elsevier, vol. 212(C).
    17. Kasai, Naoya & Matsuhashi, Shigemi & Sekine, Kazuyoshi, 2013. "Accident occurrence model for the risk analysis of industrial facilities," Reliability Engineering and System Safety, Elsevier, vol. 114(C), pages 71-74.
    18. Taillandier, F. & Sauce, G. & Bonetto, R., 2009. "Risk-based investment trade-off related to building facility management," Reliability Engineering and System Safety, Elsevier, vol. 94(4), pages 785-795.
    19. J. C. Helton & F. J. Davis, 2002. "Illustration of Sampling‐Based Methods for Uncertainty and Sensitivity Analysis," Risk Analysis, John Wiley & Sons, vol. 22(3), pages 591-622, June.
    20. Carland, Corinne & Goentzel, Jarrod & Montibeller, Gilberto, 2018. "Modeling the values of private sector agents in multi-echelon humanitarian supply chains," European Journal of Operational Research, Elsevier, vol. 269(2), pages 532-543.
