Risk Analysis and Management of IT Systems: Practice and Challenges
(2018) 15th International Conference on Information Systems for Crisis Response and Management (ISCRAM) p.831-840- Abstract
- Risk analysis is important for safety-critical IT systems and services, both in public and private organizations. However, the actual practices and the challenges of risk analysis in these contexts have not been fully explored. This paper investigates the current practices of risk analysis by an interview-based investigation. This study investigates several factors of the risk analysis process, e.g., its importance, identification of critical resources, definitions of roles, involvement of different stakeholders, used methods, and follow-up analysis. Further more, this study also investigates existing challenges in the current practices of risk analysis. A number of challenges are identified,e.g., that risk analysis requires competence both... (More)
- Risk analysis is important for safety-critical IT systems and services, both in public and private organizations. However, the actual practices and the challenges of risk analysis in these contexts have not been fully explored. This paper investigates the current practices of risk analysis by an interview-based investigation. This study investigates several factors of the risk analysis process, e.g., its importance, identification of critical resources, definitions of roles, involvement of different stakeholders, used methods, and follow-up analysis. Further more, this study also investigates existing challenges in the current practices of risk analysis. A number of challenges are identified,e.g., that risk analysis requires competence both about the risk analysis procedures and the analyzed system,which is challenging to identify, and that it is challenging to follow-up and repeat a risk-analysis that is conducted. The identified challenges can be useful when new risk analysis methods are defined.
(Less) - Abstract (Swedish)
- Risk analysis is important for safety-critical IT systems and services, both in public and private organizations. However, the actual practices and the challenges of risk analysis in these contexts have not been fully explored. This paper investigates the current practices of risk analysis by an interview-based investigation. This study investigates several factors of the risk analysis process, e.g., its importance, identification of critical resources, definitions of roles, involvement of different stakeholders, used methods, and follow-up analysis. Furthermore, this study also investigates existing challenges in the current practices of risk analysis. A number of challenges are identified, e.g., that risk analysis requires competence... (More)
- Risk analysis is important for safety-critical IT systems and services, both in public and private organizations. However, the actual practices and the challenges of risk analysis in these contexts have not been fully explored. This paper investigates the current practices of risk analysis by an interview-based investigation. This study investigates several factors of the risk analysis process, e.g., its importance, identification of critical resources, definitions of roles, involvement of different stakeholders, used methods, and follow-up analysis. Furthermore, this study also investigates existing challenges in the current practices of risk analysis. A number of challenges are identified, e.g., that risk analysis requires competence both about the risk analysis procedures and the analyzed system, which is challenging to identify, and that it is challenging to follow-up and repeat a risk-analysis that is conducted. The identified challenges can be useful when new risk analysis methods are defined. (Less)
Please use this url to cite or link to this publication:
https://lup.lub.lu.se/record/f4167bd0-60e6-4079-8080-44ecffccb0e9
- author
- Sulaman, Sardar Muhammad LU and Höst, Martin LU
- organization
- publishing date
- 2018-05-20
- type
- Chapter in Book/Report/Conference proceeding
- publication status
- published
- subject
- host publication
- 15th International Conference on Information Systems for Crisis Response and Management (ISCRAM)
- pages
- 831 - 840
- publisher
- ISCRAM
- conference name
- 15th International Conference on Information Systems for Crisis Response and Management (ISCRAM)
- conference location
- Rochester, NY, United States
- conference dates
- 2018-05-20 - 2018-05-23
- external identifiers
-
- scopus:85060684038
- ISBN
- 978-0-692-12760-5
- language
- English
- LU publication?
- yes
- id
- f4167bd0-60e6-4079-8080-44ecffccb0e9
- date added to LUP
- 2018-05-22 19:17:00
- date last changed
- 2022-05-03 03:18:22
@inproceedings{f4167bd0-60e6-4079-8080-44ecffccb0e9, abstract = {{Risk analysis is important for safety-critical IT systems and services, both in public and private organizations. However, the actual practices and the challenges of risk analysis in these contexts have not been fully explored. This paper investigates the current practices of risk analysis by an interview-based investigation. This study investigates several factors of the risk analysis process, e.g., its importance, identification of critical resources, definitions of roles, involvement of different stakeholders, used methods, and follow-up analysis. Further more, this study also investigates existing challenges in the current practices of risk analysis. A number of challenges are identified,e.g., that risk analysis requires competence both about the risk analysis procedures and the analyzed system,which is challenging to identify, and that it is challenging to follow-up and repeat a risk-analysis that is conducted. The identified challenges can be useful when new risk analysis methods are defined.<br/>}}, author = {{Sulaman, Sardar Muhammad and Höst, Martin}}, booktitle = {{15th International Conference on Information Systems for Crisis Response and Management (ISCRAM)}}, isbn = {{978-0-692-12760-5}}, language = {{eng}}, month = {{05}}, pages = {{831--840}}, publisher = {{ISCRAM}}, title = {{Risk Analysis and Management of IT Systems: Practice and Challenges}}, year = {{2018}}, }