Abstract
This chapter examines the importance of information technology risk management and summarizes the prominent risk management frameworks used to mitigate risks in information technology systems. It explores the risk management life cycle, from threat identification through quantitative and qualitative risk analysis to risk mitigation strategies. With security incidents and the financial damage associated with them soaring, it has become a prerequisite to identify unforeseen threats along with known vulnerabilities in order to create preventive and corrective risk response controls. Moreover, assessing risks as accurately as possible is essential to prioritize high-severity risks over low-severity ones. This chapter also outlines the emerging trends in information technology risk management that call on the risk management team to incorporate cognitive technology and behavioral sciences in the risk management process.
© 2021 The Author(s), under exclusive license to Springer Nature Switzerland AG
Kaur, G., Lashkari, A.H. (2021). Information Technology Risk Management. In: Daimi, K., Peoples, C. (eds) Advances in Cybersecurity Management. Springer, Cham. https://doi.org/10.1007/978-3-030-71381-2_13
DOI: https://doi.org/10.1007/978-3-030-71381-2_13
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-71380-5
Online ISBN: 978-3-030-71381-2
eBook Packages: Computer Science (R0)