JIS Vol.10 No.4, October 2019
Systematizing IT Risks
Abstract: IT risks—risks associated with the operation or use of information technology—have taken on great importance in business, and IT risk management is accordingly important in the science and practice of information management. It is therefore necessary to systematize IT risks in order to plan, manage and control different risk-specific measures. To choose and implement suitable measures for managing IT risks, effect-based and cause-based procedures are necessary. These procedures are explained in detail for IT security risks because of their special importance.
Cite this paper: Disterer, G. (2019) Systematizing IT Risks. Journal of Information Security, 10, 237-249. doi: 10.4236/jis.2019.104013.
