Including technical and security risks in the management of information systems: A programmatic risk management model

Security is increasingly becoming a critical focus in information systems projects. With more networks, mobility, and telecommuting, there is an increased need for an assessment of the technical and security risks. These risks if realized can have devastating impacts: interruptions of service, data theft or corruption, embezzlement and fraud, and compromised customer privacy. The software risk assessment literature (for example, Schmidt et al., 2001, Barki et al., 2001, and Lyytinen et al., 1998) has focused primarily on managerial or development risks. With the increasing focus on technical and security risks, theoretical risk models need to be developed that can provide a framework for assessing and managing the critical technical and security risk factors in conjunction with the managerial and development risks. This research seeks to model this problem by extending risk models originally developed for large-scale engineering systems.