Corporate IT Risk Management model: A holistic view at managing information system security risks

Most organizations in all sectors of industry, commerce and government are fundamentally dependent on their information systems (IS) and would quickly cease to function should the technology (preferably information technology - IT) that underpins their activities ever come to halt [15]. IS and IT may contribute towards efficiency, productivity and competitiveness improvements of both inter-organizational and intra-organizational systems [1]. Successful organizations manage IT function in much the same way that they manage their other strategic functions and processes. This in particular means that they understand and manage risks associated with growing IT opportunities as well as critical dependence of many business processes on IT and vice-versa. IT risk management issues are not only any more marginal or `technical´ problems and become more and more a `business problem´. Therefore, in this paper a Corporate IT Risk Management model is proposed and contemporary frameworks of IT Governance and IS Audit is shown and explained.