Managing risks on critical IT systems in public service organizations
(2009) The 2009 IEEE International Conference on Privacy, Security, risk and Trust(PASSAT-09)/ Workshop on Software Security Process (SSP09) 3. p.470-475- Abstract
- Public service organizations rely on IT systems to fulfill their missions. IT incidents are more and more frequent and the impacts of IT incidents on the organizations are getting more severe. There is a strong need to manage risks on service related IT systems in public service organizations. Risk management process practiced in software development companies cannot be used in public service organizations directly, due to differences in business processes. This paper presents a risk management model for these kinds of organizations. The methods of using the model to manage risks are illustrated in an example where a number of identified risks are analyzed and risk reduction activities are identified. How to make risk management a... (More)
- Public service organizations rely on IT systems to fulfill their missions. IT incidents are more and more frequent and the impacts of IT incidents on the organizations are getting more severe. There is a strong need to manage risks on service related IT systems in public service organizations. Risk management process practiced in software development companies cannot be used in public service organizations directly, due to differences in business processes. This paper presents a risk management model for these kinds of organizations. The methods of using the model to manage risks are illustrated in an example where a number of identified risks are analyzed and risk reduction activities are identified. How to make risk management a continuous and regular event is also suggested. This model can be practiced by public service organizations directly and enrich their own risk list continuously. (Less)
Please use this url to cite or link to this publication:
https://lup.lub.lu.se/record/1485558
- author
- Li Helgesson, Yeni LU
- organization
- publishing date
- 2009
- type
- Chapter in Book/Report/Conference proceeding
- publication status
- published
- subject
- keywords
- Public service organizations, Risk management, Critical IT systems
- host publication
- 2009 International Conference on Computational Science and Engineering
- volume
- 3
- pages
- 470 - 475
- publisher
- IEEE - Institute of Electrical and Electronics Engineers Inc.
- conference name
- The 2009 IEEE International Conference on Privacy, Security, risk and Trust(PASSAT-09)/ Workshop on Software Security Process (SSP09)
- conference location
- Vancouver, Canada
- conference dates
- 2009-08-31
- external identifiers
-
- scopus:70849112709
- ISBN
- 978-0-7695-3823-5
- DOI
- 10.1109/CSE.2009.31
- project
- FRIVA
- language
- English
- LU publication?
- yes
- id
- 6af6eb20-1c78-48f7-9dc0-4f479ee11656 (old id 1485558)
- date added to LUP
- 2016-04-04 10:07:12
- date last changed
- 2022-01-29 19:48:17
@inproceedings{6af6eb20-1c78-48f7-9dc0-4f479ee11656, abstract = {{Public service organizations rely on IT systems to fulfill their missions. IT incidents are more and more frequent and the impacts of IT incidents on the organizations are getting more severe. There is a strong need to manage risks on service related IT systems in public service organizations. Risk management process practiced in software development companies cannot be used in public service organizations directly, due to differences in business processes. This paper presents a risk management model for these kinds of organizations. The methods of using the model to manage risks are illustrated in an example where a number of identified risks are analyzed and risk reduction activities are identified. How to make risk management a continuous and regular event is also suggested. This model can be practiced by public service organizations directly and enrich their own risk list continuously.}}, author = {{Li Helgesson, Yeni}}, booktitle = {{2009 International Conference on Computational Science and Engineering}}, isbn = {{978-0-7695-3823-5}}, keywords = {{Public service organizations; Risk management; Critical IT systems}}, language = {{eng}}, pages = {{470--475}}, publisher = {{IEEE - Institute of Electrical and Electronics Engineers Inc.}}, title = {{Managing risks on critical IT systems in public service organizations}}, url = {{http://dx.doi.org/10.1109/CSE.2009.31}}, doi = {{10.1109/CSE.2009.31}}, volume = {{3}}, year = {{2009}}, }