INF80043 Sem 1 2019: Executive Briefing Paper - IS/IT Risk Management
Added on 2023/04/12
AI Summary
This executive briefing paper provides a comprehensive analysis of IS/IT risk management for Banksia Pathology. It begins with an executive summary and introduction highlighting the importance of cyber security for the company, emphasizing the need for data protection and efficient business process management within Banksia's different departments and customer data. The paper then delves into the management of cyber security risks, stressing the necessity of IT audits to identify vulnerabilities and the implementation of control implementation models. It further discusses resilience and preparedness, including technological resilience and the need for board-level oversight of cyber security strategies. The paper presents key aspects of IS/IT risk management, including financial and social responsibilities, and legislative proposals. The report culminates in recommendations for Banksia, such as developing data centers, establishing a team to monitor suspicious activities, and managing all risk control using information to enhance the overall cyber security posture of the organization. References are included to support the findings and recommendations.

Running Head: IS/IT Risk Management 0
IS/IT Risk Management
Executive Briefing Paper
Student name
For the Senior Executive Team of Banksia Pathology
Improving Banksia’s Cyber Resilience as an Executive/Board-level Responsibility
May 5, 2019
Executive Summary
An Information System (IS) is required to manage the different operations of a company. In addition, it is
the best way to manage the company’s business processes efficiently. Banksia Pathology has
different departments in its labs. The company holds a large amount of data about its customers and
business processes, such as payment details. Therefore, it is necessary to implement proper security and
privacy for its data and information using cyber security.
This executive briefing paper describes how Banksia’s cyber security and resilience can be improved.
The company can identify the different risks to its systems and apply proper risk management
and controls to avoid huge losses to the organization.
Table of Contents
Executive Summary
Introduction
Importance of cyber security in Banksia
Management of Cyber security Risks
Resilience and Preparedness
Improving Banksia’s Cyber Resilience
Key aspects of IS/IT Risk Management
Legislative Proposals and Actions
Recommendations
Conclusion
References
Introduction
The Information System is the base on which a company manages its different operations, such as
purchasing, billing, payroll, and customer records. It provides a better facility for managing different
resources properly and with high performance. Cyber security is necessary to secure the company’s data
and information on its computer systems and information systems. Most countries, such as Australia,
China, India, the UK, the USA, and many others, have created rules and regulations for data and
information security (ACSC, Australian Cyber Security Centre, 2017). The Australian government and the
ACSC provide eight strategies to mitigate cyber security incidents, such as cyber-attacks, spamming, and
many more (ACSC, Strategies to Mitigate Cyber Security Incidents, 2019). This executive briefing paper
describes the role of cyber security in a company and its long-term benefits to the company. It also
provides recommendations for Banksia Pathology to improve its cyber security so that it better secures
its resources and data.
Importance of cyber security in Banksia:
A macro-level company holds a huge amount of data from different business processes. Therefore, it
is necessary to use cyber security to protect its data and information on its computer systems and
other information systems, such as the Management Information System (MIS), Decision Management
System (DMS), Transaction Management System (TMS), and many others. The company must therefore
evaluate its cyber security risk to protect its intellectual property from cyber-attacks (Andrijcic &
Horowitz, 2016, p. 907). According to Arlitsch & Edelman (2014, p. 46), a company should always stay safe
from cyber-attacks by properly securing its information systems. In addition, cyber security can protect
the reputation of the organization from different types of cyber-crime, such as data breaches, ransom,
and many others.
The company should rank its risks based on their effects on operations and put proper risk
controls in place to mitigate those risks if they occur in the system (Baccarini & Archer, 2001, p.
139). Different types of risks are present in information systems, and they arise from different types
of vulnerabilities in the system. Therefore, it is necessary to find the vulnerabilities of the system
and fix them using proper risk management (Bird, 2018).
There are many types of risks in the company that can be handled by managers and other staff
members. However, some critical issues, such as cyber-attacks, can only be solved by the board members.
Therefore, it is necessary to make cyber security a main concern and to put proper risk controls in
place to manage the crisis of a cyber-attack. The board of the company should handle this type of crisis
management using cyber security (Burnell-Nugent, 2019).
Source: (Burnell-Nugent, 2019)
The present era is based on data and information. In addition, privacy and security are two big concerns
for the company, and it is highly necessary to manage the data and information of customers (Bélanger &
Crossler, 2011, p. 1017).
There is a proper format for managing risks, issues, and crises in the company. Banksia should analyze
the risks related to its information system, understand those risks, and put proper preventions in
place. In addition, it should respond to those issues and make a backup plan to keep the business
running. The company should always learn from those crises and rebuild new controls for the future.
An information system provides many benefits to the company and can increase the value of the company
in the existing market. Therefore, proper cyber security is required to secure the information assets and
intellectual property of the company (Dhillon & Torkzadeh, 2006, p. 293).
The board members should focus on risk and put proper controls in place to mitigate the risks of the
information system, using tools and techniques for business continuity. Crisis resilience is a
responsibility of the board members (Gelles, 2019).
Source: (Gelles, 2019)
In addition, the board members should consider three things: organizational, cultural, and
technological. Technological matters are very important for the company from a performance and growth
point of view.
Moreover, data breaches can have a huge impact on the reputation of the company, as customers place
their faith in its services and provide their personal data to be stored in its information systems, such
as email ID, phone number, address, credit card details, and many others (Hogan & Lodhia, 2013, p. 269).
The company should use proper information security management standards, such as ISO/IEC 27001 and
many more, to secure its information systems (Humphreys, 2008, p. 247).
Management of Cyber security Risks
Banksia should conduct an IT audit to identify the vulnerabilities and threats of its information
systems, which can be used to mitigate all the risks of the company. The company should follow a control
implementation model to secure its data and information, its financial condition, and its
reputation in the market (Kassa, 2017).
In addition, ethics matters a lot for customers as well as for the company. The company should make
efforts towards an ethical information system that secures the personal information of customers
(Mingers & Walsham, 2010, p. 833).
Resilience and Preparedness
The company should build proper cyber security resilience to manage its information system. In
addition, technological resilience is necessary to manage its cyber security. The board should
understand whether top management and senior managers are incorporating resilience into cyber
security strategies (Gelles, 2019).
In addition, it is necessary to identify operational risk through a risk assessment of the organization,
which helps in finding the different vulnerabilities and threats of the company’s information system.
Therefore, it is highly necessary to make the company’s different security processes resilient
(Parsons, 2016).
In addition, small and medium-sized enterprises (SMEs) have different types of vulnerabilities
because they have less money and time to implement a fully protected, cyber security enabled system to
secure their information systems (Gupta & Hammond, 2005, p. 301).
To accomplish that, directors may additionally seek to recognize how the most essential
data or that most important to the commercial enterprise’s success. The board members should manage
and oversee security concerns and their impact on the company. In addition, different Internet
of Things based devices are used to collect data. Therefore, they must be secured using physical
and logical security (Bird, 2018).
There are many risks in the implementation and management of an information system, and it is necessary
to manage the inherent risk of the information system. In addition, it is necessary to conduct different
audits of the cyber security and information security of systems (Taylor, 2009, p. 693).
Moreover, it is necessary to provide quality services in information systems and information technology.
Quality devices and systems make the whole system better. Therefore, it is necessary to manage
everything properly and to outsource better-quality software to manage the different business
processes of the company (Swar, Moon, Oh, & Rhee, 2012, p. 459).
Improving Banksia’s Cyber Resilience
The most advanced groups have also created a leadership structure for disaster control, typically at
three levels: tactical, operational, and strategic. The company should manage its information systems
as well as its cyber security to handle the critical risks of the company. In addition, the company
should improve its cyber security through a proper audit of tangible and intangible resources.
An information system plays a key role in the company in managing three things: operations,
controls, and decisions. In addition, these are the basic requirements of the company, and it is
the company’s responsibility to manage them well (Markgraf, 2018).
According to Merna & Al-Thani (2011), corporate risk management is also necessary for the company to
manage its growth and success. There are many forces that create fear around managing the different
operations of the company. Besides, inherent risks affect the performance of the company, as a single
risk can create a bad image in the market. Therefore, it is compulsory to secure the information system
from cyber-attacks (Messier Jr & Austen, 2000, p. 119).
Key aspects of IS/IT Risk Management
Based on a recent Deloitte survey of over five hundred crisis management executives, most of them
mobilized their crisis management teams at least once in the past 2 years, with cyber, privacy
and safety incidents topping the number of crises requiring management intervention (Dent, Woo, &
Cudworth, 2018).
Banksia can face financial risk from cyber-attacks, as its information system manages billing for
different processes. The company takes money from customers using information systems. Therefore,
anyone could hack the whole system and change its financial data, which would be a huge loss to
Banksia (Christoffersen, 2011).
Banksia is a health sector company and provides details about people’s health. Therefore, it is a
social responsibility of the company to secure patients’ personal information from different
cyber-attacks (Cvetkovich & Earle, 2013).
The company has a good reputation in the market. Therefore, it is necessary to manage everything
properly to gain competitive advantage in the current market. This can be changed by the board
members through top management involvement.
Legislative Proposals and Actions
The company should implement proper security controls in line with local and national government
laws and regulations. The company must follow all the laws and rules of the local and national
government when implementing and operating its information system and when collecting patients’
personal data and information in its system for research and other purposes (Parsons, 2016).
Furthermore, it is not necessary to implement all the features of cyber security, but it is highly
necessary to implement the required features of cyber security to secure the information system from
cyber-attacks. In addition, national governments are strict about the collection of patients’ personal
information for research and other purposes (NCSC, 2019).
Recommendations
The company must follow the recommendations to secure its information system from cyber-attacks
using cyber security. As a part of their oversight obligation, boards are seeking to help
management in carrying out these duties. However, regardless of how organized an agency is, and no
matter the level of control attentiveness and board oversight, crises will occur because of different
vulnerabilities (Zhang, Wuwong, Li, & Zhang, 2010, p. 1328).
In addition, the organization should extend its attention from the information system to cyber
security, as information security and cyber security are interlinked with each other. However, hackers
can hack the whole system using vulnerabilities of the system. Therefore, it is necessary to manage
proper cyber security for the organization (Von Solms & Van Niekerk, 2013, p. 97).
There are a few recommendations for Banksia, which are as follows:
1. Develop data centres to secure and back up the data and information of the company and customers
2. Establish a team to protect the whole system from different types of cyber-attacks and monitor suspicious activities
3. Manage all the risk controls using information systems and protect all the processes with proper authentication
4. Create new innovations to manage future risks of the information system
5. Implement international standards of cyber security, such as ISO/IEC 27001, and many others
6. The company must develop a training and education program to raise awareness about cyber-attacks
7. Employees should learn about recent cybercrimes and cyber-attacks to provide a fast response to managers to manage critical situations
8. Manage different locations using a virtual private network with proper cyber security.
Conclusion
In conclusion, cybersecurity is a main concern, and the board members should put different technological
questions to management to make cybersecurity resilient, along with different methods that can provide
security and privacy for the personal data and information of customers. Similarly, to understand the
business enterprise’s risks and response skills, it is necessary to create proper risk controls.
Administrators can undertake to learn about leading practices around proactive risk control, disaster
management, cyber threat, physical protection, succession planning, and culture risk. Doing so
can not only permit administrators and management to enhance their resilience.
Managers cannot assume that the organization’s static threat control strategies and unexamined,
few-years-old response plans will keep the organization running in the age of
exponential change. The company should implement advanced cyber security features and set up a team to
monitor suspicious activities in the company’s network. The board members should take advice
from employees and experts to implement cyber security in the company. Improving the cyber resilience of
the company will provide long-term benefits in terms of growth and success. It will
provide better results in terms of profit and performance of the company.
Finally, it is concluded that the information system should have cyber security and that the board
members must consider the different risks from cyber-attacks and other things in order to protect the
data and personal information of customers. Banksia will get better results from cyber resilience and
the improvement of different business processes. It will bring productive changes to its business processes.

References
Burnell-Nugent, J. (2019). The role of the board in crisis management. Retrieved April 29, 2019, from
https://www2.deloitte.com/uk/en/pages/risk/articles/the-boards-role-in-a-crisis.html
Markgraf, B. (2018). The Three Fundamental Roles of Information Systems in Business. Retrieved March
10, 2019, from https://yourbusiness.azcentral.com/three-fundamental-roles-information-systems-business-23383.html
Parsons, E. (2016, December 21). Risk Assessment: A Practical Guide to Assessing Operational Risk.
Retrieved from slideplayer.com: https://slideplayer.com/slide/10726147/
ACSC. (2017). Australian Cyber Security Centre. Retrieved December 12, 2018, from
https://www.acsc.gov.au/publications/ACSC_Threat_Report_2017.pdf
ACSC. (2019). Strategies to Mitigate Cyber Security Incidents. Retrieved from acsc.gov.au:
https://acsc.gov.au/infosec/mitigationstrategies.htm
Andrijcic, E., & Horowitz, B. (2016). A Macro Economic Framework for Evaluation of Cyber Security Risks
Related to Protection of Intellectual Property. Risk Analysis, 26(4), 907-923.
Arlitsch, K., & Edelman, A. (2014). Staying safe: Cyber security for people and organizations. Journal of
Library Administration, 54(1), 46-56. Retrieved from
https://www.tandfonline.com/doi/abs/10.1080/01930826.2014.893116?journalCode=wjla20
Baccarini, D., & Archer, R. (2001). The risk ranking of projects: a methodology. International Journal of
Project Management, 19(3), 139-145.
Bélanger, F., & Crossler, R. E. (2011). Privacy in the digital age: a review of information privacy research
in information systems. MIS Quarterly, 35(4), 1017-1042.
Bird, D. (2018). Information Security risk considerations for the processing of IoT sourced data in the
Public Cloud. doi:10.1049/cp.2018.0040
Christoffersen, P. (2011). Elements of financial risk management. Academic Press.
References
Burnell-Nugent, J. (2019). The role of the board in crisis management. Retrieved April 29, 2019, from
https://www2.deloitte.com/uk/en/pages/risk/articles/the-boards-role-in-a-crisis.html
Markgraf, B. (2018). The Three Fundamental Roles of Information Systems in Business. Retrieved March
10, 2019, from https://yourbusiness.azcentral.com/three-fundamental-roles-information-
systems-business-23383.html
Parsons, E. (2016 , December 21). Risk Assessment: A Practical Guide to Assessing Operational Risk.
Retrieved from slideplayer.com: https://slideplayer.com/slide/10726147/
ACSC. (2017). Australian Cyber Security Centre. Retrieved December 12, 2018, from
https://www.acsc.gov.au/publications/ACSC_Threat_Report_2017.pdf
ACSC. (2019). Strategies to Mitigate Cyber Security Incidents. Retrieved from acsc.gov.au:
https://acsc.gov.au/infosec/mitigationstrategies.htm
Andrijcic, E., & Horowitz, B. (2016). A Macro Economic Framework for Evaluation of Cyber Security Risks‐
Related to Protection of Intellectual Property. Risk analysis, 26(4), 907-923.
Arlitsch, K., & Edelman, A. (2014). Staying safe: Cyber security for people and organizations. Journal of
Library Administration, 54(1), 46-56. Retrieved from
https://www.tandfonline.com/doi/abs/10.1080/01930826.2014.893116?journalCode=wjla20
Baccarini, D., & Archer, R. (2001). The risk ranking of projects: a methodology. International Journal of
Project Management, 19(3), 139-145.
Bélanger, F., & Crossler, R. E. (2011). Privacy in the digital age: a review of information privacy research
in information systems. MIS quarterly, 35(4), 1017-1042.
Bird, D. (2018). Information Security risk considerations for the processing of IoT sourced data in the
Public Cloud. doi:10.1049/cp.2018.0040
Christoffersen, P. (2011). Elements of financial risk management. Academic Press.

IS/IT Risk Management 11
Cvetkovich, G., & Earle, T. C. (2013). Social trust and culture in risk management. London: Routledge.
Dent, P., Woo, R., & Cudworth, R. (2018, June 18). Crisis management for the resilient enterprise.
Retrieved from www2.deloitte.com: https://www2.deloitte.com/insights/us/en/topics/risk-management/crisis-management-plan-resilient-enterprise.html?id=us:2em:3pa:risk-management:eng:di:062018
Dhillon, G., & Torkzadeh, G. (2006). Value focused assessment of information system security in
organizations. Information Systems Journal, 16(3), 293-314.
Gelles, M. (2019). Crisis Resilience and the Board—Taking Risk Oversight to the Next Level. Retrieved
April 29, 2019, from https://corpgov.law.harvard.edu/2019/03/28/crisis-resilience-and-the-board-taking-risk-oversight-to-the-next-level/
Gupta, A., & Hammond, R. (2005). Information systems security issues and decisions for small
businesses: An empirical examination. Information Management & Computer Security, 13(4),
297-310.
Hogan, J., & Lodhia, S. (2013). Sustainability reporting and reputation risk management: an Australian
case study. International Journal of Accounting & Information Management, 19(3), 267-287.
Humphreys, E. (2008). Information security management standards: Compliance, governance and risk
management. Information Security Technical Report, 13(4), 247-255.
Kassa, S. G. (2017). IT Asset Valuation, Risk Assessment and Control Implementation Model. Retrieved
December 11, 2018, from https://www.isaca.org/Journal/archives/2017/Volume-3/Pages/it-asset-valuation-risk-assessment-and-control-implementation-model.aspx
Merna, T., & Al-Thani, F. (2011). Corporate risk management. John Wiley & Sons.
Messier Jr, W. F., & Austen, L. A. (2000). Inherent risk and control risk assessments: Evidence on the
effect of pervasive and specific risk factors. Auditing: A Journal of Practice & Theory, 19(2), 119-131.
Mingers, J., & Walsham, G. (2010). Toward ethical information systems: the contribution of discourse
ethics. MIS Quarterly, 34(4), 833-854.
Cvetkovich, G., & Earle, T. C. (2013). Social trust and culture in risk management. . London: Routledge.
Dent, P., Woo, R., & Cudworth, R. (2018, June 18). Crisis management for the resilient enterprise.
Retrieved from www2.deloitte.com: https://www2.deloitte.com/insights/us/en/topics/risk-
management/crisis-management-plan-resilient-enterprise.html?id=us:2em:3pa:risk-
management:eng:di:062018
Dhillon, G., & Torkzadeh, G. (2006). Value focused assessment of information system security in‐
organizations. Information Systems Journal, 16(3), 293-314.
Gelles, M. (2019). Crisis Resilience and the Board—Taking Risk Oversight to the Next Level. Retrieved
April 29, 2019, from https://corpgov.law.harvard.edu/2019/03/28/crisis-resilience-and-the-
board-taking-risk-oversight-to-the-next-level/
Gupta, A., & Hammond, R. (2005). Information systems security issues and decisions for small
businesses: An empirical examination. Information management & computer security, 13(4),
297-310.
Hogan, J., & Lodhia, S. (2013). Sustainability reporting and reputation risk management: an Australian
case study. International Journal of Accounting & Information Management, 19(3), 267-287.
Humphreys, E. (2008). Information security management standards: Compliance, governance and risk
management. information security technical report, 13(4), 247-255.
Kassa, S. G. (2017). IT Asset Valuation, Risk Assessment and Control Implementation Model. Retrieved
December 11, 2018, from https://www.isaca.org/Journal/archives/2017/Volume-3/Pages/it-
asset-valuation-risk-assessment-and-control-implementation-model.aspx
Merna, T., & Al-Thani, F. (2011). Corporate risk management. John Wiley & Sons.
Messier Jr, W. F., & Austen, L. A. (2000). Inherent risk and control risk assessments: Evidence on the
effect of pervasive and specific risk factors. Auditing: A Journal of Practice & Theory, 19(2), 119-
131.
Mingers, J., & Walsham, G. (2010). Toward ethical information systems: the contribution of discourse
ethics. Mis Quarterly, 34(4), 833-854.
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.

Trusted by 1+ million students worldwide
1 out of 13