We found a match
Your institution may have access to this item. Find your institution then sign in to continue.
- Title
A Risk Management Model for an Academic Institution's Information System.
- Authors
Dreyfuss, Michael; Giat, Yahel
- Abstract
This article describes a two-step decision support model for investing in information technology security, both development and application. In the first step, the risk level of each of the system's components is mapped, with the aim of identifying the subsystems that pose the highest risk. In the second step, the model determines how much to invest in various technological tools and workplace culture programs to enhance information security. An application of this model to an information system in an academic institution in Israel is described. This system comprises ten subsystems and the authors identify the three that bear the most risk. These findings are used to determine the parameters of the investment allocation problem and find the optimal investment plan. The results of the model's application indicate that hacking for the purpose of cheating is a greater threat than other types of security issues. Additionally, the results support the claim that information security officials tend to overinvest in security technological tools and underinvest in improving security workplace culture.
- Subjects
RISK management information systems; DECISION support systems; INFORMATION technology security; INVESTMENT management; WORK environment
- Publication
Information Resources Management Journal, 2018, Vol 31, Issue 1, p83
- ISSN
1040-1628
- Publication type
Article
- DOI
10.4018/IRMJ.2018010104