Abstract:
As Information Technology (IT) has become increasingly important to the competitive position of firms, managers have grown more sensitive to their organization’s overall IT risk management. Recent pUblicity concerning losses incurred by companies because of problems with their sophisticated information systems has focused attention on the importance of these systems to the organization. In an attempt to minimize or avoid such losses, managers are employing various qualitative and quantitative risk analysis methodologies. The risk analysis literature, however, suggests that these managers typically utilize a single methodology, not a combination of methodologies. This paper proposes a risk analysis process that employs a combination of qualitative and quantitative methodologies. This process should provide managers with a better approximation of their organization’s overall information technology risk posture. Practicing managers can use this proposed process as a guideline in formulating new risk analysis procedures and/or evaluating their current risk analysis procedures.
Key Words and Phrases:
Additional information
Notes on contributors
Rex Kelly Rainer
Rex Kelly Rainer, Jr., is Assistant Professor in the Department of Management at Auburn University. His research interests include executive information systems, end-user computing, and current technology underlying information systems. He has published in the Journal of Management Information Systems, and MIS Quarterly, among other journals.
Charles A. Snyder
Charles A. Snyder is Professor and head of the Department of Management at Auburn University. His research interests include information resource management, end-user computing, and telecommunications management. He has published in the Journal of Management Information Systems, Information and Management, the Academy of Management Review, as well as other journals.
Houston H. Carr
Houston H. Carr is Associate Professor of Management and Coordinator of MIS Programs at Auburn University. His research interests include end-user computing and telecommunications management. He has published in Journal of Management Information Systems, MIS Quarterly, and Information and Management, among other journals. He is the author of Managing End User Computing.