Investigate parameters related to the risk management of information systems
Πετρίδης, Πέτρος Ν.
SubjectΠληροφοριακά συστήματα διοίκησης ; Διαχείριση κινδύνου -- Πληροφοριακά συστήματα ; Industrial management ; Operations research
Success in the business world, involves taking some risks. The systems that change the world today are very risky, but the payback is worth that risk and more. One needs to know how to manage risk. This includes how to identify risk sources, quantify risk parameters, and develop plans to handle risk. Risks are inevitable in IT projects and systems. The high failure rate of modern large IT projects and systems, such as those involving ERP, CRM and SCM, is largely due to senior management and project management’s failure to assess risks up front and to mitigate the causes of the greatest risks at the very start. An adequate analysis of potential risks can significantly increase the likelihood of success for a project and can justify money put aside for management reserves. Risk is the possibility of suffering loss. In IT, the loss may involve increased costs, longer completion times, reduced scope, reduced quality or reduced stakeholder satisfaction. Risk and opportunity are different sides of the same coin. Some IT projects advance the state of the art, and as such are more risky than those that do not. The opportunity for significant advancement cannot be done without significant risk. Risk is essential to progress, and failure is often a key part of learning. We must learn to balance the possible negative consequences of risk against the potential benefits of its associated opportunity. The aim of this dissertation is to study the area of risk management. In doing so, a model/tool will be developed and presented. The proposed model addresses the problems rise from managing Information Systems (IS). A Risk Tracking & Management tool will be developed, that will incorporate and materialize the model described helping to materialize various procedures of an organization and meet above goals. Challenges such as rapid alterations in system life cycle, is also addressed. The model will use inputs, processes and outputs that make risk management more efficiently applied and being a useful tool for senior management of an organization. Additionally the model will also base on installation off control measures, on a balance between the cost of controls and the need to reduce or eliminate possible threats.