Authors:
Mariana Rosa
1
;
2
;
Sérgio Guerreiro
1
;
2
and
Rúben Pereira
3
Affiliations:
1
INESC-ID, Rua Alves Redol 9, 1000-029 Lisbon, Portugal
;
2
Instituto Superior Técnico, University of Lisbon, Av. Rovisco Pais 1, 1049-001 Lisbon, Portugal
;
3
Instituto Universitário de Lisboa (ISCTE-IUL), Lisbon, Portugal
Keyword(s):
DEMO, Essential Model, IT RM, Ontology, SLR.
Abstract:
Nowadays, organisations use and rely on Information Technology (IT) solutions. However, despite their benefits, IT solutions induct risks. Consequently, organisations implement Risk Management (RM), more specifically Information Technology Risk Management (IT RM), in order to maximize the effectiveness of IT usage while dealing with IT risks. Nevertheless, IT RM’s implementation is not easy, since numerous standards and frameworks propose multiple RM processes to deal with IT risks. Moreover, these processes are composed of different activities causing confusion. In the end, organisations are not capable of managing risks successfully due to IT RM’s complexity. To overcome IT RM diversity, a Systematic Literature Review (SLR) was conducted. The goal is to identify which are the most essential IT RM activities. The SLR results were then integrated with ISO 31000 and PMBOK standards in the form of an ontology using Design and Engineering Methodology Ontology (DEMO). The contributions o
f this study are: the aggregate analysis of IT RM activities through the SLR; the identification of reasons and benefits of using DEMO; a description of an IT RM’s essential model designed as an ontology; and a critical view of the benefits of the ontological model proposed.
(More)