Risk identification in information systems projects: theory and case study
Subject
Risk management -- Information systems ; Information systems -- Management and organization ; Strategic planning
Abstract
Information Technology (IT) projects, especially those of large size and complexity, involve a variety of risks that threaten the success of their application. As most organizations now base a large part of their operations on information systems, the need for adequate security increases. Unfortunately, it is difficult to select the security measures needed to achieve satisfactory security. This thesis deals with the analysis and management of risks, a process that recognizes the security problems, sorts them based on their importance and, finally, proposes solutions to confront them. The aim of this paper is to analyze the risks involved in the development and implementation of an information system and the methods of risk identification and management. It aims, essentially, at a systematic literature review and comparative presentation of the methods mentioned above. It might even be said that an ultimate goal is the comparison of the academic status of risk analysis and management with what is actually happening in the market. In addition, a case study is presented, which relates to the risk analysis and management of the Information Security Management System (ISMS) of a Czech company.