In this paper we propose a novel approach for the systematic assessment and analysis of IT related risks in organisations and projects. The approach is model-driven using an enterprise architecture as the basis for the security management process. Using an enterprise architecture it is possible to provide an integrated description of an organisation’s structure, processes and its underlying IT ...

Ting and Comings [1] described how to use the Information Assurance (IA) Object Measurement (OM®) metric as a tool to measure the monitoring step (Step 6) described in the United States (U.S.) National Institute of Standards and Technology’s (NIST) Risk Management Framework (RMF)1 [2]. This chapter expands the applicability of the IA OM® metric and shows how it may be used as an enterprise-wide...

In a well-designed enterprise risk management (ERM) program, the firm integrates risk management into the strategic planning process, addressing strategic risk, financial risk, operational risk, and hazard risk under a single overarching process. This is particularly important to large financial firms, such as property and casualty (P&C) insurers, which face a diverse set of risks. We find that...

Risk management and knowledge management have so far been studied almost independently. The evolution of risk management to the holistic view of Enterprise Risk Management requires the destruction of barriers between organizational silos and the exchange and application of knowledge from different risk management areas. However, knowledge management has received little or no attention in risk m...

Risk management is important to the development of enterprise as well as social-economic prosperity. Virtual enterprise is the potential mode of future enterprise under electronic commerce environment and the risk management for it is a popular research area recently. Due to the complexity of its risk management a decision support system (DSS) with 3-bases-1-cell structure was designed. By coor...

The implementation team problem is one of the critical elements lead to ERP project failure. The purpose of this research is to explore the relationship between team risk factors and IT governance. The IT governance includes five important domains, that is, IT strategic alignment, IT value delivery, IT resource management, IT risk management, and IT performance management. Our research results ...