Research on Building Baseline of IT Risk Control and Its Application in IT Risks Management
Abstract
Based on the COSO ERM framework and IT life-cycle theory, this paper analyzes enterprises' IT risk management needs and environment, defines the baseline of IT risk control, proposes a framework and models for constructing an IT risk control baseline in enterprises, and finally discusses the elements and construction methods of that baseline. Applied to the IT risk management work of enterprises, the baseline model of IT risk control can be a powerful tool for enterprise IT risk management.
DOI: http://dx.doi.org/10.3968/5520
Articles published in Management Science and Engineering are licensed under Creative Commons Attribution 4.0 (CC-BY).
Copyright © 2010 Canadian Research & Development Centre of Sciences and Cultures