A Framework for Managing Security Risks of Outsourced IT Projects

Almutairi, Moneef; Riddle, Steve

doi:10.1145/3178461.3178476

Cited by 2 publications

(1 citation statement)

References 7 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…However, at the same time a new problem arises: the fact that the risks are not only outside the information system, their source may be the project itself. Thus, to improve the assessment of the project, it is necessary to adjust for the risks arising, for example, in cases of problems during the implementation of the IS, or critical failures during the use of the system, as well as during its decommissioning [15].…”

Section: Impact Of Informational Systems On Company Risksmentioning

confidence: 99%

Risk-based efficiency assessment of information systems

Исаев¹,

Pervukhin²,

Rytikov³

et al. 2021

Bus. Inform.

View full text Add to dashboard Cite

The implementation of information systems is aimed at improving the financial performance of a company, creating a transparent reporting system and improving many other competitive factors. However, the acquisition of these benefits does not negate the complexity of making a decision whether or not to implement a particular IT project. The total cost of ownership of the information system throughout the life cycle is usually not considered in comparison with the expected benefits from the use of the system, due to the uncertainty of such benefits. Comparative certainty of approaches and methods is present only in terms of costs, both for a priori (planned) and a posteriori (actual) assessment. It is possible to determine both capital and operating costs accurately enough. Indirect definition of the positive influence of an information system on the activity of the organization also seems possible. However, there are currently no generally recognized methods for analyzing the expected positive effect of an IT project. At the same time, large companies, in accordance with the requirements of the respective regulators and / or due to internal management considerations, build a risk management system to determine the level of capabilities, losses and to prevent adverse events. This study considers the feasibility of an approach to analyze the effectiveness of the implementation of the information system on the basis of the company’s risk reduction, leading to a decrease in economic benefits. It takes into account the internal risks of the information system that occur during the installation of the system, its operation and the termination of work with the system.

show abstract

Section: Impact Of Informational Systems On Company Risksmentioning

confidence: 99%