Sardar Sulaman, & Martin Höst. (2018). Risk Analysis and Management of IT Systems: Practice and Challenges. In Kees Boersma, & Brian Tomaszewski (Eds.), ISCRAM 2018 Conference Proceedings – 15th International Conference on Information Systems for Crisis Response and Management (pp. 831–840). Rochester, NY (USA): Rochester Institute of Technology.
Abstract: Risk analysis is important for safety-critical IT systems and services, both in public and private organizations. However, the actual practices and the challenges of risk analysis in these contexts have not been fully explored. This paper investigates the current practices of risk analysis by an interview-based investigation. This study investigates several factors of the risk analysis process, e.g., its importance, identification of critical resources, definitions of roles, involvement of different stakeholders, used methods, and follow-up analysis. Furthermore, this study also investigates existing challenges in the current practices of risk analysis. A number of challenges are identified, e.g., that risk analysis requires competence both about the risk analysis procedures and the analyzed system, which is challenging to identify, and that it is challenging to follow up and repeat a risk analysis that is conducted. The identified challenges can be useful when new risk analysis methods are defined.