The IS risk analysis based on a business model
The disruption of operations due to IS failure becomes more important as IS has become an increasingly essential component of the organization's operations and can affect its strategic objectives. Nevertheless, traditional IS risk analysis methods do not adequately reflect the loss from disruption of operations in determining the value of IS assets. Quantitative methods do not measure the loss from disruption of operations. Qualitative methods consider the loss, but their results are subjective and not suitable for cost-benefit decision support. There is a lack of systematic methods to measure the value of IS assets from the viewpoint of operational continuity. This study presents an IS risk analysis method based on a business model. The method uses a systematic quantitative approach dealing with operational continuity: the importance of various business functions and the necessity level of various assets are first determined. The value of each asset is then determined based on these two levels. The proposed method adds the first stage, organizational investigation, to traditional risk analysis. The process of the method utilizes various methodologies such as paired comparison, asset-function assignment tables, and asset dependency diagrams. (C) 2003 Elsevier Science B.V. All rights reserved.
- Publisher
- ELSEVIER SCIENCE BV
- Issue Date
- 2003-12
- Language
- English
- Article Type
- Article
- Keywords
INFORMATION-SYSTEMS; MANAGEMENT
- Citation
INFORMATION & MANAGEMENT, v.41, pp.149 - 158
- ISSN
- 0378-7206
- Appears in Collection
- MT-Journal Papers(저널논문)
- Files in This Item
This item is cited by other documents in WoS
| ⊙ Detail Information in WoSⓡ | Click to see |  |
| ⊙ Cited 75 items in WoS | Click to see citing articles in |  |
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.