ICT risk management in organizations: Case studies in Thai business

Risks related to information and communication technologies (ICTs) still occur in organizations. Despite the ICT risk management methodologies published in numerous frameworks and standards to help organizations deal with ICT risks, it remains an open question whether those methodologies have actually delivered success. This research identifies the current profile of ICT risk management planning and investigates how successfully Thai organizations have implemented both the Control Objectives for Information and related Technology (COBIT) framework and the ISO/IEC 17799 standard for ICT risk management. The findings from three case studies indicate that successful ICT risk management planning depends on collaboration between management-level and operational-level activities in order to cope with ICT risks.