Abstract
This paper presents an integrated approach to risk analysis for Information Systems (IS) using the Structured Risk Analysis (SRA) methodology developed at Hyperion. SRA has been used, very successfully, to perform risk analysis both for security-oriented risk analysis in the City and safety-oriented risk analysis for the European Space Agency. This paper develops and describes a particular instance of the SRA methodology for IS. Excluding safety-critical applications allows certain simplifications to the methodology in the case of IS. These simplifications make structured risk analysis for information systems (SRA-IS) a practical and cost-effective basis for risk analysis and risk management in commercial organizations.
Similar content being viewed by others
Author information
Authors and Affiliations
Rights and permissions
About this article
Cite this article
Birch, D., McEvoy, N. Risk analysis for Information Systems. J Inf Technol 7, 44–53 (1992). https://doi.org/10.1057/jit.1992.7
Published:
Issue Date:
DOI: https://doi.org/10.1057/jit.1992.7