Governance, Risk, and Compliance (GRC) is an emerging topic in the world of business and information technology. However to date there is a lack of research on an integrated approach to GRC has hardly been researched. In this paper we construct an integrated process model for high-level IT GRC management. First, we discuss existing process models for integrated GRC. Then we set the scope of our...

4 SUMMER/FALL 1999 T’S A RACE with no starting point, no fixed course, and really no rules at all: walk, run, ride, do anything you want. Form a team, as big as you like. Build any sort of machine you wish with whatever money you can get your hands on. Just get to the finish line first. That finish line isn’t a particular place but a new understanding of a symmetry (or rather, an almost symmetr...

This paper discusses the background and results of a research project which was conducted by ENISA (European Network and Information Security Agency) in cooperation with the BOC Information Technologies Consulting GmbH. The project was initiated with respect to the main task of ENISA: ensuring a high and effective level of network and information security within organisations in the European Un...

The purpose of this short paper is to sketch the development of a few basic topics in the history of Realizability The number of topics is quite limited and re ects very much my own personal taste biases and prejudices Realizability has over the past years developed into a subject of such dimensions that a comprehensive overview would require a fat book Maybe someone some day ought to write suc...

Open source software (OSS) has reshaped and remodeled various layers of the organizational ecosystem, becoming an important strategic asset for enterprises. Still, many enterprises are reluctant to adopt OSS. Knowledge about technological risks and their importance for IT executives is still under researched. We aim to identify the technological risks and their importance for OSS adoption durin...

Masalah Begitu banyak kemajuan telah terjadi pada kemampuan perangkat keras maupun perangkat lunak untuk membantu kehidupan manusia. Meskipun begitu, masih banyak sekali masalah sistem yang tidak digunakan dengan maksimal. Oleh karena itu, salah satu isu yang sangat penting adalah bagaimana cara untuk mengerti kondisi-kondisi di mana sistem informasi diterima atau tidak diterima di dalam suatu ...

225 Background: Existing data on patient satisfaction after radiotherapy (RT) is scarce. The specific aim of this analysis is to describe the clinical experience for cancer patients (pts) completing a course of RT at OHSU's Knight Cancer Institute. METHODS The records of 200 OHSU pts that completed a 5-item "Was It Worth It (WIWI)?" questionnaire highlighting pt satisfaction were reviewed. Th...

We develop a Bayesian multivariate analysis of expert judgment elicited using an extended form of pair-wise comparisons. The method can be used to estimate the effect of multiple factors on the probability of an event and can be applied in risk analysis and other decision problems. The analysis provides variance predictions of the quantity of interest that incorporate dependencies amongst the v...

This study examines how the risk-taking incentive of top executives drives the strategic risk-taking in corporate IT implementation. We use the risk incentive provided in executive compensation to capture top executives’ risk-taking incentive, and develop measures of aggressive IT implementation to capture strategic risk-taking in IT implementation. Our analysis provides empirical evidence that...

The worldwide concern with corporate governance concerns itself, inter alia, with the risks that an organisation faces; for many, IT is significant among those risks. This paper examines the audit approach, and others, to dealing with risks in IT-based systems. This paper summarises the findings of research in IT-related areas of risk and then draws together a charter for IT governance that mee...