...INFORMATION SYSTEMS RISK MANAGEMENT Week-4 assignment Wonyie V. Zarwee November 29, 2010 While it lessens the burden on organizations, reducing and shifting the cost and risk of its IT operation, security and management issues to an external service provider or vendor, outsourcing any portions of an organization's Information System has significant risks that can sometimes become detrimental to the outsourced organization. According to the Commission on Government Outsourcing, "when outsourcing an organization exposes itself to significant risks in terms of security, accuracy, and completeness of information (Holroyd City Council, 2008)". Comprised in the rest of this document is an exclusive examination of four different outsourcing activities and the associated risks that an organization needs to be aware of. Let me begin with the use of an external service provider for data storage for an organization. This situation is mostly attributed to midsized and a few large businesses with less capital to develop and operate a database of their own. They may neither have the finance to purchase and operate a database adequately nor the additional funding to hire a skilled IT team to manage a database in-house. In an attempt to effectively and securely manage their data at a lower and affordable budget, many of these organizations choose to outsource their data storage. Even though outsourcing of their database helps an organization to save on cost, there are many risks involve...
Words: 1125 - Pages: 5
...Running head: RISK MANAGEMENT AND PROBLEM MANAGEMENT RELATION The effectiveness of the relationship between risk management and problem management of a compromised UNIX operating system CSMN 655 Computer Security, Software Assurance, Hardware Assurance, and Security Management Abstract Risk management is an ongoing, continuous process whose purpose is to identify and assess program risks and opportunities with sufficient lead-time to implement timely strategies to ensure program success. The entire risk management process balances the operational and economic costs of protective measures and contributes to mission capability by protecting the systems and the data that support the organizational mission from both deliberate and unintentional compromise. Computer security problem, or incident, management is an administrative function of managing and protecting computer assets, networks and information systems. These systems continue to become more critical to the personal and economic welfare of our society. Organizations must understand their responsibilities to the public good and to the welfare of their members. This responsibility extends to having a management program for reacting to system breaches, if and when they occur. Incident management is a program which defines and implements a process that an organization may adopt to promote its own welfare and the security of the public...
Words: 4103 - Pages: 17
...The Implications of Risk Management Information Systems for the Organization of Financial Firms Michael S. Gibson* Federal Reserve Board Abstract Financial dealer firms have invested heavily in recent years to develop information systems for risk measurement. I take it as given that technological progress is likely to continue at a rapid pace, making it less expensive for financial firms to assemble risk information. I look beyond questions of risk measurement methodology to investigate the implications of risk management information systems. By examining several theoretical models of the firm in the presence of asymmetric information, I explore how a financial firm’s capital budgeting, incentive compensation, capital structure, and risk management activities are likely to change as it becomes less costly to assemble risk information. I also explore the likely effects of the falling cost of assembling risk information on a financial firm’s organizational structure. Two common themes emerge: centralization within the firm and increased disclosure of risk information outside the firm are both likely to increase. 1 Introduction Financial dealer firms have invested heavily in recent years to develop information systems for risk measurement and management.1 These systems gather data on a firm’s risk positions and compute statistical measurements, such as Value-at-Risk, to assess the magnitude of the risks faced by the firm. Increasingly, the uses of these...
Words: 4467 - Pages: 18
...emeraldinsight.com/0968-5227.htm IMCS 14,3 Formulating information systems risk management strategies through cultural theory Aggeliki Tsohou, Maria Karyda and Spyros Kokolakis Department of Information and Communication Systems Engineering, University of the Aegean, Samos, Greece Evangelos Kiountouzis Department of Informatics, Athens University of Economics and Business, Athens, Greece Abstract Purpose – The purpose of this paper is to examine the potential of cultural theory as a tool for identifying patterns in the stakeholders’ perception of risk and its effect on information system (IS) risk management. Design/methodology/approach – Risk management involves a number of human activities which are based on the way the various stakeholders perceive risk associated with IS assets. Cultural theory claims that risk perception within social groups and structures is predictable according to group and individual worldviews; therefore this paper examines the implications of cultural theory on IS risk management as a means for security experts to manage stakeholders’ perceptions. Findings – A basic theoretical element of cultural theory is the grid/group typology, where four cultural groups with differentiating worldviews are identified. This paper presents how these worldviews affect the process of IS risk management and suggests key issues to be considered in developing strategies of risk management according to the different perceptions cultural groups have. Research...
Words: 9716 - Pages: 39
...ADVANCING CREDIT RISK MANAGEMENT THROUGH INTERNAL RATING SYSTEMS At Bank for Investment and Development of Viet Nam JSC (Transaction office no. 8) Table of Contents Foreword Part I: Overview of Bank Credit risk management and The theoretical basis of Internal rating systems 1. The activities of commercial banks 1.1. The concept of a commercial bank. 1.2. Operation and Performance of Commercial Banks 2. Managing Operational risk in banking 3. Definition of an Internal Rating System 4. Rating models 4.1. Outlines of Rating Models 4.2. Validation of Rating Models 4.3. Adjusting Rating Models 5. Uses of Internal Rating Systems 6. Benefits of Using an Internal Rating System Part II: Current situation of Credit activities and Internal rating systems at BIDV (Transaction office no. 8) 1. General introduction of Bank for Investment and Development of Viet Nam JSC (BIDV) 2. Current business status of BIDV 2.1. Socio-economic situation in the period of 2008-2012 2.2. Situation of BIDV business operations in the period of 2008-2012 3. Situation of BIDV Credit quality in the period of 2008 – 2012 3.1. Current situation of BIDV Credit quality 3.2. Achievement of BIDV Credit activities 3.3. SWOT analysis on Credit activities of BIDV branches 4. Current situation of Internal rating systems at BIDV 4.1. Current situation of Credit Risk Management at BIDV 4.2. Current situation of Customer rating systems at BIDV (Transaction office no. 8) ...
Words: 398 - Pages: 2
...Huffman is attempting to sort out complexities associated with the Benefit Elections system being requested. The purpose of the following documentation will address security requirements and risk associated within the project plan of the Benefits Election System. Complexities, time consumption, and untimely errors can be curtailed with a proper plan, Positive ROI analysis, and maintaining support of key stakeholders. Foundational ideologies deem a necessary review of current documentation pertaining to current systems and architecture within Huffman. Understanding is necessary within this review, as stakeholder perspective needs to be maintained throughout the projected project. Unclear system or security requirements will need to be addressed and resolved prior to the analysis phase. The benefit election system needs to be designed and tested from an environmental point of which it will be deployed. Security requirements will need to be addressed within such documentation as: 1. Operational environment specifications 2. Diagrams specifying trust, and risk boundaries. Pertaining dataflow diagrams 3. Resource specifications, with outlined capabilities 4. Comparison of resource specifications to users of resources, being implemented within the set requirements. 5. Possible points of security breach by cyber attacker, with possible cyber attacker profile 6. Scenario cases of misuse The individual with whom the project manager assigns these tasks will need to produce or analyze these...
Words: 280 - Pages: 2
...Risk Management in the Asian Banking Sector “What is the best strategy for the implementation of Enterprise Risk Management in the banking sector of the highly expansive but volatile Asian economy?” I chose to do an in-depth study of this area of risk management because as I am Australian, it is extremely important for me to start to fully understand the workings of our closest economic partner and the future of our economy which is driven by the expansive growth that is rolling through Asia. I was also intrigued into the steps needed to fully adopt a risk management system in an entity. It should be noted that the focus of this paper is on the developing region of South-East Asia and less on the more developed parts of Asia including China and Korea. Matthew Dichiera 11167674 Contents 1 – Introduction 2 – 1997 Asian Financial Crisis and effect on vision of risk management 3 – Overview of risks faced by banks in the developing Asian region 4 – Importance of Enterprise risk management (ERM) 5 – Strategies of implementing ERM and the challenges associated. 6 – Conclusion 7 – References Introduction The Asian economy is a vehicle of highly expansive growth and even higher volatility, it is an area of the economic world which must be treated with much anticipation and be viewed with excitement but also must be monitored and watched extremely carefully as was shown by the infamous Asian financial crisis of 1997. Opportunities for growth are high, which...
Words: 3953 - Pages: 16
...Risk is an inevitable component of intermediation and trading activity. Given the fundamental trade-off between risks and returns, the objective of regulators is to determine when risk exposures either become excessive relative to the financial institution’s capital position and financial condition or have not been identified to the extent that the situation represents an unsafe and unsound banking practice. Determination of whether the institution’s risk-management system can measure and control its risks is of particular importance. The primary components of a sound risk-management process are a comprehensive risk-measurement approach; a detailed structure of limits, guidelines, and other parameters used to govern risk taking; and a strong management information system for monitoring and reporting risks. These components are fundamental to both trading and nontrading activities. Moreover, the underlying risks associated with these activities, such as market, credit, liquidity, operations, and legal risks, are not new to banking, although their measurement can be more complex for trading activities than for lending activities. Accordingly, the process of risk management for capital-markets and trading activities should be integrated into the institution’s overall risk-management system to the fullest extent possible using a conceptual framework common to the financial institution’s other business activities. Such a common framework enables the institution ...
Words: 9713 - Pages: 39
...RISK MANAGEMENT GUIDE FOR DOD ACQUISITION Sixth Edition (Version 1.0) AUGUST, 2006 Department of Defense Preface The Department of Defense (DoD) recognizes that risk management is critical to acquisition program success (see the Defense Acquisition Guidebook (DAG), Section 11.4). The purpose of addressing risk on programs is to help ensure program cost, schedule, and performance objectives are achieved at every stage in the life cycle and to communicate to all stakeholders the process for uncovering, determining the scope of, and managing program uncertainties. Since risk can be associated with all aspects of a program, it is important to recognize that risk identification is part of the job of everyone and not just the program manager or systems engineer. That includes the test manager, financial manager, contracting officer, logistician, and every other team member. The purpose of this guide is to assist DoD and contractor Program Managers (PMs), program offices and Integrated Product Teams (IPTs) in effectively managing program risks during the entire acquisition process, including sustainment. This guide contains baseline information and explanations for a well-structured risk management program. The management concepts and ideas presented here encourage the use of risk-based management practices and suggest a process to address program risks without prescribing specific methods or tools....
Words: 12584 - Pages: 51
...Dustin Cooper 9/30/13 Regent University Introduction Information systems have permeated every aspect of today’s society. Information systems allow organizations and people to carry out everyday activities in a much more efficient way. However, due to the increased dependence on information systems, it has become imperative that methodologies and practices are developed to safeguard the data that is stored and used by information systems, as well as the protection of the hardware that runs the information system. Therefore, a proper understanding of risk management and all that it entails is of the utmost importance for every IT professional, regardless of specialization. The purpose of this paper is to identify what risk management is and give an overview of the three phases or undertakings that make up the risk management process and then conclude with a discussion and explanation of the six-step Risk Management Framework (RMF) developed by the Department of Defense and the National Institute of Standards and Technology (NIST) (National Institute of Standards and Technology, 2010). “Risk management is the process of Identifying risks, as represented by vulnerabilities, to an organization’s information assets and infrastructure, and taking steps to reduce this risk to an acceptable level” (Michael E. Whitman, Herbert J. Mattord, 2012, p. 119.). Thus, risk management is merely the ability of a person or organization to implement due diligence and identify any potential...
Words: 2778 - Pages: 12
...Risk Management Principles CMGT/430 INTRODUCTION Riordan Manufacturing is a company that is committed to handling their business in an ethical and logical manner. In order to provide the proper risk management plan for the company there needs to be a conference with all of management and stakeholders to get an oversight on the company and what it needs for mitigation control and risk management. The company needs to reconsider getting input from internal auditors, external auditors and outsources. Management will also need to get all of the department heads and key people together to discuss all of the initial assessments of the risk management capabilities and how effective it can be on the network/system. This assessment will be able to decide whether to have or continue with a more in tune risk management plan. There is also the need to discuss how to make the plan stronger for the company and how the analysts should focus on the risk management mitigation for Riordan Manufacturing. Risk Management Principles Riordan Manufacturing is a corporation that is consistent of many different businesses. This new plan that needs to be implemented will help each business to deal with and handle their everyday risks and teach them how to make the proper decisions on what can or could be done. In order for this new plan to be implemented, each business will have to be able to weigh out the risks with the strategies and be able to know and choose the proper decision when responding...
Words: 1084 - Pages: 5
...MIT Sloan School of Management MIT Sloan School Working Paper 4933-11 Developing a Common Language About IT Risk Management George Westerman and Richard Hunter ©George Westerman and Richard Hunter All rights reserved. Short sections of text, not to exceed two paragraphs, may be quoted without explicit permission, provided that full credit including © notice is given to the source. This paper also can be downloaded without charge from the Social Science Research Network Electronic Paper Collection: http://ssrn.com/abstract=1979796 CENTER FOR INFORMATION SYSTEMS RESEARCH Massachusetts Institute of Technology Sloan School of Management Cambridge Massachusetts Developing a Common Language About IT Risk Management George Westerman and Richard Hunter June 2009 CISR WP No. 377 A version of this paper will be published as “Developing a Common Language About IT Risk,” IESE Insight, Issue 1, Second Quarter 2009: 21–27. © 2009 Massachusetts Institute of Technology. All rights reserved. Research Article: a completed research article drawing on one or more CISR research projects that presents management frameworks, findings and recommendations. Research Summary: a summary of a research project with preliminary findings. Research Briefings: a collection of short executive summaries...
Words: 5211 - Pages: 21
...you are an athlete, a fashionista, a (potential) employee or any other stakeholder, we strive to create value for you. Read on to find out how. RISK MANAGEMENT FACTORS We acknowledge that in our daily business we are exposed to various risks and that it is necessary to take certain risks in order to be competitive and ensure sustainable success. Our risk and opportunity management principles and system provide the framework for our Group to conduct business in a well-controlled environment. We define risk as the potential occurrence of an external or internal event (or series of events) that may negatively impact our ability to achieve the Group’s business objectives or financial goals. Opportunity is defined as the potential occurrence of an external or internal event (or series of events) that can positively impact the Group’s ability to achieve its business objectives or financial goals. We have summarized risks in four main categories: Strategic, Operational, Legal & Compliance and Financial. Opportunities are classified in two main categories: Strategic & Operational and Financial. The Adidas AG Executive Board has the overall responsibility to operate an effective risk and opportunity management system that ensures comprehensive and consistent management of all material risks and opportunities. The Group Risk Management department...
Words: 566 - Pages: 3
...Cisco Systems, Inc. Supply Chain Risk Management Chuck Munson with María Jesús Sáenz and Elena Revilla Vice President, Publisher: Tim Moore Associate Publisher and Director of Marketing: Amy Neidlinger Executive Editor: Jeanne Glasser Levine Operations Specialist: Jodi Kemper Managing Editor: Kristy Hart Senior Project Editor: Betsy Gratner Compositor: Nonie Ratcliff Manufacturing Buyer: Dan Uhrig © 2014 by Chuck Munson Published by Pearson Education, Inc. Publishing as FT Press Upper Saddle River, New Jersey 07458 ISBN-10: 0-13-375744-7 ISBN-13: 978-0-13-375744-6 Reprinted from The Supply Chain Management Casebook (ISBN: 9780133367232) by...
Words: 4942 - Pages: 20
...Risk Management Guidelines for Commercial Banks & DFIs. Table of Contents Introduction Defining Risk Risk Management Board & Senior Management oversight Risk Management Framework Integration of Risk Business Line Accountability Risk Evaluation / Measurement Independent Review Contingency Planning Managing Credit Risk Components of Credit Risk Management Board & Senior Management oversight Organization Structure Systems and Procedures Credit origination Limit setting Credit Administration Measuring Credit Risk Internal Risk Rating Credit Risk Monitoring & Control Risk Review Delegation of Authority Managing Problem Credits Managing Market Risk Interest Rate Risk Foreign Exchange Risk Equity / commodity price Risk Element of Market Risk Management Board and Senior Management Oversight Organization Structure Risk Management Committee ALCO Middle Office Risk Measurement Repricing Gap Models Earning at Risk & Economic Value of Equity Models Value at Risk Risk Monitoring Risk Controls Audit Risk limits Managing Liquidity Risk Early Warning Indicators Board and Senior Management Oversight Liquidity Risk Strategy and Policy ALCO/ Investment Committee Liquidity Risk Management Process MIS Liquidity Risk Measurement & Monitoring Contingency Funding Plan Cash Flow Projections Liquidity Ratios...
Words: 18341 - Pages: 74