Information Technology Risk Management

Advances in Cybersecurity Management

Abstract

This chapter examines the importance of information technology risk management and summarizes the prominent risk management frameworks used to mitigate risks in information technology systems. It explores the risk management life cycle, from threat identification through quantitative and qualitative risk analysis to risk mitigation strategies. With security incidents and the financial damage associated with them soaring, it has become a prerequisite to identify unforeseen threats along with known vulnerabilities in order to create preventive and corrective risk response controls. Moreover, assessing risks as accurately as possible is essential for prioritizing high-severity risks over low-severity risks. This chapter also outlines emerging trends in information technology risk management that call on the risk management team to incorporate cognitive technology and behavioral sciences into the risk management process.




Correspondence to Gurdip Kaur.


Copyright information

© 2021 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this chapter


Cite this chapter

Kaur, G., Lashkari, A.H. (2021). Information Technology Risk Management. In: Daimi, K., Peoples, C. (eds) Advances in Cybersecurity Management. Springer, Cham. https://doi.org/10.1007/978-3-030-71381-2_13


  • DOI: https://doi.org/10.1007/978-3-030-71381-2_13


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-71380-5

  • Online ISBN: 978-3-030-71381-2

  • eBook Packages: Computer Science, Computer Science (R0)
