ISO 31000‐based integrated risk management process assessment model for IT organizations

Barafort, Béatrix; Mesquida, Antoni Lluís; Mas, Antònia

doi:10.1002/smr.1984

Cited by 17 publications

(15 citation statements)

References 22 publications

(34 reference statements)

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Bakar et al , 2015; Hannigan et al , 2019), despite possibly an increasing level of complexity (Heston and Phifer, 2011). However, researchers also highlight partial misalignments in the terminology, structure and scope of management system standards (Barafort et al , 2019). Methods and harmonization strategies are described in six papers in our review (8%).…”

Section: Thematic Findingsmentioning

confidence: 99%

“…Majerník et al (2017) describe a conceptual model for the integration of ISO/IEC 27001, ISO 9001 for quality management, ISO 14001 for environmental management and OHSAS 18001 for occupational health and safety (now replaced by the ISO 45001). The work of Barafort et al (2017, 2018, 2019) focuses on risk management activities foreseen by ISO/IEC 27001, ISO 9001, ISO 21500 (guidance on project management) and ISO/IEC 20000 (IT service management). Hoy and Foley (2015) delve into the integration of ISO 9001 and ISO/IEC 27001 audits.…”

Section: Thematic Findingsmentioning

confidence: 99%

“…Along the same lines, it has been suggested that ISO/IEC 27001 may be adopted following market demands, i.e. large private-sector corporations demand their suppliers to be certified (Ţigănoaia 2015; Barafort et al , 2019). The reason for this might be independent of large corporations being certified themselves, but rather – as reported by Everett (2011) – be related to a standardization in the bidding and procurement process.…”

Section: Thematic Findingsmentioning

confidence: 99%

See 2 more Smart Citations

The ISO/IEC 27001 information security management standard: literature review and theory-based research agenda

Culot

Nassimbeni

Podrecca

et al. 2021

TQM

View full text Add to dashboard Cite

PurposeAfter 15 years of research, this paper aims to present a review of the academic literature on the ISO/IEC 27001, the most renowned standard for information security and the third most widespread ISO certification. Emerging issues are reframed through the lenses of social systems thinking, deriving a theory-based research agenda to inspire interdisciplinary studies in the field.Design/methodology/approachThe study is structured as a systematic literature review.FindingsResearch themes and sub-themes are identified on five broad research foci: relation with other standards, motivations, issues in the implementation, possible outcomes and contextual factors.Originality/valueThe study presents a structured overview of the academic body of knowledge on ISO/IEC 27001, providing solid foundations for future research on the topic. A set of research opportunities is outlined, with the aim to inspire future interdisciplinary studies at the crossroad between information security and quality management. Managers interested in the implementation of the standard and policymakers can find an overview of academic knowledge useful to inform their decisions related to implementation and regulatory activities.

show abstract

Section: Thematic Findingsmentioning

confidence: 99%

Section: Thematic Findingsmentioning

confidence: 99%

Section: Thematic Findingsmentioning

confidence: 99%

See 1 more Smart Citation

The ISO/IEC 27001 information security management standard: literature review and theory-based research agenda

Culot

Nassimbeni

Podrecca

et al. 2021

TQM

View full text Add to dashboard Cite

show abstract

“…Pada penelitian yang dilakukan oleh [2], disimpulkan bahwa sebelas prinsip dalam ISO 31000:2009 standar manajemen risiko sangat potensial untuk dijadikan basis best practice dan dapat mempercepat penerapan manajemen risiko. Penerapan ISO 31000 dilakukan oleh [9] untuk membangun model proses penilaian risiko terintegrasi yang dapat meningkatkan kinerja dan koordinasi aktivitas manajemen risiko di organisasi teknologi informasi. Penerapan standar ISO 31000 juga dilakukan pada manajemen risiko untuk rantai pasokan.…”

Section: Pendahuluanunclassified

Pengembangan Prototipe Aplikasi Manajemen Risiko Berbasis ISO 31000

Setiawan

Bandung²

2020

MATRIX

View full text Add to dashboard Cite

Penerapan Manajemen Risiko dalam analisis keputusan dan sistem pengendalian dapat meningkatkan kinerja operasional dan nilai kompetitif dari organisasi. Semakin meningkatnya kompleksitas pekerjaan, kompleksitas risiko, sumber risiko yang saling berkaitan satu sama lain, serta semakin berkembangnya teknik pengidentifikasian risiko dan teknologi informasi melatarbelakangi banyak organisasi untuk menerapkan manajemen risiko. Pada penelitian ini dilakukan analisis dan pengembangan prototipe aplikasi manajemen risiko. Tujuan dari penelitian ini adalah membuat rancangan dan prototipe manajemen risiko yang dapat digunakan sebagai kertas kerja oleh Risk Owner dan Risk Officer dalam melakukan identifikasi, analisis, dan pembuatan rencana penanganan atas potensi risiko yang ada di departemennya. Penelitian dilakukan dalam tujuh tahapan, yaitu studi literatur, telaah dokumen dan proses bisnis saat ini, wawancara dan Focus Group Discussion bersama stakeholder, perancangan kebutuhan sistem manajemen risiko, pengembangan prototipe aplikasi, Focus Group Discussion untuk pengujian hasil pengembangan bersama stakeholder, dan penarikan kesimpulan. Hasil yang diperoleh dari penelitian ini adalah rancangan kebutuhan sistem manajemen risiko berupa atribut, kriteria dampak, kriteria kemungkinan, nilai keefektifan kontrol saat ini, skor efektifitas kontrol saat ini, serta tingkat dan perlakuan risiko, dan dan prototipe aplikasi manajemen risiko telah selesai dibuat dan dievaluasi. Pada penelitian ini juga telah mengidentifikasi lima proses utama sistem manajemen risiko, yaitu penentuan sasaran dan target kerja departemen, identifikasi risiko, analisis risiko, mitigasi risiko, dan monitoring risiko.

show abstract

“…Various ISO standards target management systems such as quality perspectives in ISO 9001, IT Service Management (ITSM) in ISO/IEC 20000 -1, project management in ISO 21500, and information security in ISO/IEC 27001. These IT-related and non-IT standards are significant for many companies [6].…”

Section: Introductionmentioning

confidence: 99%

Enhance Risks Management of Software Development Projects in Concurrent Multi-Projects Environment to Optimize Resources Allocation Decisions

Alharbi¹,

Alyoubi²,

Altuwairiqi³

et al. 2021

IJACSA

View full text Add to dashboard Cite

In software development project management, Risk management represents critical knowledge and skills at the level of a single software project and at the enterprise level, which executes multiple software projects concurrently. The best decision of Risk management contributes to optimizing resource allocation at the enterprise level for achieving its goals. Therefore, the issue needs centralized risk management at the enterprise level as a whole and not for each project. Risk management is implemented through several stages and using different methods. Various studies deal with multiple aspects of software management. This research provides an analytical view of risk assessment in multi-environment software development projects that take place simultaneously. The study uses a public dataset previously used in previous research for several simultaneous projects in one organization. It describes the multisoftware project's risks through 12 variables. A comparative analysis uses classification methods ( Random Forest-TreesJ48 -REP Tree -Simple Logistic) to assess risks and put them in central view. The research experiment has proven high accuracy in determining risk levels in a multi-project environment, reaching approximately 98%, using the REP tree technique.

show abstract

ISO 31000‐based integrated risk management process assessment model for IT organizations

Cited by 17 publications

References 22 publications

The ISO/IEC 27001 information security management standard: literature review and theory-based research agenda

The ISO/IEC 27001 information security management standard: literature review and theory-based research agenda

Pengembangan Prototipe Aplikasi Manajemen Risiko Berbasis ISO 31000

Enhance Risks Management of Software Development Projects in Concurrent Multi-Projects Environment to Optimize Resources Allocation Decisions

Contact Info

Product

Resources

About