首页    期刊浏览 2024年11月28日 星期四
登录注册

文章基本信息

  • 标题:IT Risk Management: A Capability Maturity Model Perspective
  • 本地全文:下载
  • 作者:Val Hooper anMarian Carcaryd Tarika Kalidas
  • 期刊名称:Electronic Journal of Information Systems Evaluation
  • 电子版ISSN:1566-6379
  • 出版年度:2013
  • 卷号:16
  • 期号:1
  • 页码:3-13
  • 出版社:Academic Conferences Limited
  • 摘要:Understanding the value derived from IT investments and IT enabled operational improvements is difficult, and has been a subject of research and debate among ICT practitioners and academics for many years. This is particularly so because innovat ive technological developments have supported transformative changes in organizational operational activities. Research continues to investigate approaches to not only understanding the value derived by IT but also to optimizing this value. One of the key aspects of optimizing IT‑driven value is the requirement to effectively manage risk. The continual evolution of the IT risk landscape requires effective Risk Management (RM) practices for all IT risk areas, such as, but not limited to security, investm ents, service contracts, data protection and information privacy. Effectively managing these risk areas pose specific concerns from the perspective of Chief Information Officers (CIOs) and Chief Risk Officers (CROs). Hence, significant considerations should be given to not only the processes involved in assessing, prioritizing, handling and monitoring these risks but also to ensuring the development of an appropriate risk culture and the establishment of effective RM governance structures, to support effective RM. This paper examines the maturity model/framework approach to improving an organizations IT capabilities, with specific reference to effectively managing IT‑related risks, and increasing value derived over time. A new IT Risk Management mat urity model is presented; this framework is part of the IT Capability Maturity Framework (IT CMF) which supports value‑driven IT management practices. It was developed by the Innovation Value Institute at the National University of Ireland Maynooth, fol lowing a design science and open innovation research approach. The IT CMF, consisting of 33 Critical Capabilities, focuses on maturing key activities of the IT organization. The Risk Management Critical Capability presented in this paper enables organizat ions to determine their IT RM maturity and identify key recommendations in specific areas to improve maturity overtime. Thereafter the paper presents an analysis of the maturity model approach to managing risk, to improving an organizations IT capabiliti es, and to deriving enterprise‑wide value from more mature IT practices.
  • 关键词:IT risks ; IT risk management ; maturity model ; IT CMF ; critical capability ; RM practices ; outcomes and metrics
国家哲学社会科学文献中心版权所有