Advanced

Risk Analysis and Management of IT Systems: Practice and Challenges

Sulaman, Sardar Muhammad LU and Höst, Martin LU (2018) 15th International Conference on Information Systems for Crisis Response and Management (ISCRAM) In 15th International Conference on Information Systems for Crisis Response and Management (ISCRAM) p.831-840
Abstract (Swedish)
Risk analysis is important for safety-critical IT systems and services, both in public and private organizations. However, the actual practices and the challenges of risk analysis in these contexts have not been fully explored. This paper investigates the current practices of risk analysis by an interview-based investigation. This study investigates several factors of the risk analysis process, e.g., its importance, identification of critical resources, definitions of roles, involvement of different stakeholders, used methods, and follow-up analysis. Furthermore, this study also investigates existing challenges in the current practices of risk analysis. A number of challenges are identified, e.g., that risk analysis requires competence... (More)
Risk analysis is important for safety-critical IT systems and services, both in public and private organizations. However, the actual practices and the challenges of risk analysis in these contexts have not been fully explored. This paper investigates the current practices of risk analysis by an interview-based investigation. This study investigates several factors of the risk analysis process, e.g., its importance, identification of critical resources, definitions of roles, involvement of different stakeholders, used methods, and follow-up analysis. Furthermore, this study also investigates existing challenges in the current practices of risk analysis. A number of challenges are identified, e.g., that risk analysis requires competence both about the risk analysis procedures and the analyzed system, which is challenging to identify, and that it is challenging to follow-up and repeat a risk-analysis that is conducted. The identified challenges can be useful when new risk analysis methods are defined. (Less)
Abstract
Risk analysis is important for safety-critical IT systems and services, both in public and private organizations. However, the actual practices and the challenges of risk analysis in these contexts have not been fully explored. This paper investigates the current practices of risk analysis by an interview-based investigation. This study investigates several factors of the risk analysis process, e.g., its importance, identification of critical resources, definitions of roles, involvement of different stakeholders, used methods, and follow-up analysis. Further more, this study also investigates existing challenges in the current practices of risk analysis. A number of challenges are identified,e.g., that risk analysis requires competence both... (More)
Risk analysis is important for safety-critical IT systems and services, both in public and private organizations. However, the actual practices and the challenges of risk analysis in these contexts have not been fully explored. This paper investigates the current practices of risk analysis by an interview-based investigation. This study investigates several factors of the risk analysis process, e.g., its importance, identification of critical resources, definitions of roles, involvement of different stakeholders, used methods, and follow-up analysis. Further more, this study also investigates existing challenges in the current practices of risk analysis. A number of challenges are identified,e.g., that risk analysis requires competence both about the risk analysis procedures and the analyzed system,which is challenging to identify, and that it is challenging to follow-up and repeat a risk-analysis that is conducted. The identified challenges can be useful when new risk analysis methods are defined.
(Less)
Please use this url to cite or link to this publication:
author
organization
publishing date
type
Chapter in Book/Report/Conference proceeding
publication status
published
subject
in
15th International Conference on Information Systems for Crisis Response and Management (ISCRAM)
pages
831 - 840
publisher
ISCRAM
conference name
15th International Conference on Information Systems for Crisis Response and Management (ISCRAM)
ISBN
978-0-692-12760-5
language
English
LU publication?
yes
id
f4167bd0-60e6-4079-8080-44ecffccb0e9
date added to LUP
2018-05-22 19:17:00
date last changed
2018-05-29 09:34:13
@inproceedings{f4167bd0-60e6-4079-8080-44ecffccb0e9,
  abstract     = {Risk analysis is important for safety-critical IT systems and services, both in public and private organizations. However, the actual practices and the challenges of risk analysis in these contexts have not been fully explored. This paper investigates the current practices of risk analysis by an interview-based investigation. This study investigates several factors of the risk analysis process, e.g., its importance, identification of critical resources, definitions of roles, involvement of different stakeholders, used methods, and follow-up analysis. Further more, this study also investigates existing challenges in the current practices of risk analysis. A number of challenges are identified,e.g., that risk analysis requires competence both about the risk analysis procedures and the analyzed system,which is challenging to identify, and that it is challenging to follow-up and repeat a risk-analysis that is conducted. The identified challenges can be useful when new risk analysis methods are defined.<br/>},
  author       = {Sulaman, Sardar Muhammad and Höst, Martin},
  booktitle    = {15th International Conference on Information Systems for Crisis Response and Management (ISCRAM)},
  isbn         = {978-0-692-12760-5},
  language     = {eng},
  month        = {05},
  pages        = {831--840},
  publisher    = {ISCRAM},
  title        = {Risk Analysis and Management of IT Systems: Practice and Challenges},
  year         = {2018},
}