A DEA-Based Approach for Information Technology Risk Assessment through Risk IT Framework

Seyed Hatefi¹ and Mehdi Fasanghari²

¹Faculty of Engineering, Shahrekord University, Iran

²Cyber Space Research Institute, North Karegar St., Iran

Abstract: The use of Information Technology (IT) in organizations is subject to various kinds of potential risks. Risk management, a key component of project management, enables an organization to accomplish its mission(s). However, IT projects have often been found to be complex and risky to implement in organizations. The organizational relevance and risk of IT projects make it important for organizations to focus on ways to implement IT projects successfully. This paper focuses on IT risk management, especially the risk assessment model, and proposes a process-oriented approach to risk management. To this end, the paper applies the Risk IT framework, which has three main domains, i.e., risk governance, risk analysis, and risk response, and 9 key processes. Then, a set of scenarios that can improve the maturity level of the Risk IT processes is considered, and the impact of each scenario on the Risk IT processes is determined from expert opinions. Finally, Data Envelopment Analysis (DEA) is customized to evaluate the improvement scenarios and select the best one. The proposed methodology is applied to the Iran Telecommunication Research Centre (ITRC) to improve the maturity level of its IT risk management processes.

Keywords: Risk IT framework, risk management, process model, DEA.

Received June 10, 2012; accepted September 11, 2013
