The Next Wave in IT Infrastructure Risk Management - A Causal Modeling Approach with Bayesian Belief Networks

The management of risks associated with information technology (IT) infrastructure becomes increasingly important, as companies may face severe negative outcomes in case of failures. This paper proposes a new approach to manage IT infrastructure risks even in highly dynamic environments. Currently, IT infrastructure and its risks are managed based on historical loss data, which allows very precise forecasts for potential risks in stable environments. However, this is not adequate for the increasing number of firms facing dynamic environments like outsourcing or merger scenarios. Therefore, the next wave in IT infrastructure risk management has to employ more qualitative methodologies. Based on an ongoing case study with two leading IT consultancies and a European service enterprise, this paper demonstrates, how causal modeling with Bayesian Belief Networks enables the prediction and, most important, the proactive management of IT infrastructure risks.

[1]  KA Thleen,et al.  Building Theories from Case Study , 2007 .

[2]  Houston H. Carr,et al.  Risk Analysis for Information Technology , 1991, J. Manag. Inf. Syst..

[3]  R. Yin Case Study Research: Design and Methods , 1984 .

[4]  James C. Wetherbe,et al.  Key Issues in Information Systems Management: 1994-95 SIM Delphi Results , 1996, MIS Q..

[5]  Robert Heckman,et al.  Sources of Customer Satisfaction and Dissatisfaction with Information Technology Help Desks , 1998, ICIS.

[6]  Judea Pearl,et al.  Probabilistic reasoning in intelligent systems - networks of plausible inference , 1991, Morgan Kaufmann series in representation and reasoning.

[7]  Richard E. Barlow,et al.  Assessing the Reliability of Computer Software and Computer Networks: An Opportunity for Partnership with Computer Scientists , 1985 .

[8]  Michael P. Wellman,et al.  Real-world applications of Bayesian networks , 1995, CACM.

[9]  Ramazan Gençay,et al.  High volatility, thick tails and extreme value theory in value-at-risk estimation , 2003 .

[10]  Heiko Gewald,et al.  A Framework for Classifying the Operational Risks of Outsourcing - Integrating Risks from Systems, Processes, People and External Events within the Banking Industry , 2004, PACIS.

[11]  Albert L. Lederer,et al.  Rapid Change: Nine Information Technology Management Challenges , 2000 .

[12]  Elena A. Medova,et al.  Extreme values and the measurement of operational risk , 2000 .

[13]  Yuji Yasuda Application of Bayesian Inference to Operational Risk Management , 2003 .

[14]  Marcelo Cruz Modeling, Measuring and Hedging Operational Risk , 2002 .

[15]  Carol Alexander Bayesian Methods for Measuring Operational Risk , 2000 .

[16]  Fred Niederman,et al.  Information Systems Management Issues for the 1990s , 1991, MIS Q..

[17]  Rajiv D. Banker,et al.  Software Errors and Software Maintenance Management , 2002, Inf. Technol. Manag..

[18]  Kristin Braa,et al.  Hunting for the Treasure at the End of the Rainbow: Standardizing corporate IT Infrastructure , 1999, Computer Supported Cooperative Work (CSCW).

[19]  Ephraim R. McLean,et al.  Key Issues for IT Executives , 2004, MIS Q. Executive.

[20]  Michael J. Cerullo,et al.  Business Continuity Planning: A Comprehensive Approach , 2004, Inf. Syst. Manag..

[21]  Hans van Vliet,et al.  Software maintenance from a service perspective , 2000 .

[22]  Peter Weill,et al.  What IT Infrastructure Capabilities are Needed to Implement E-Business Models? , 2002, MIS Q. Executive.

[23]  K. Eisenhardt Building theories from case study research , 1989, STUDI ORGANIZZATIVI.