Information technology risk management: the case of the International Islamic University Malaysia
Managing risks are crucial in all fields. Information technology risks pose more threats to organisations in three categories: 1) technical and operational risk; 2) data and information security risk; and 3) organisation, project and human risk. Therefore, modern organisations have to face the chal...
| Main Authors: | , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
UTMSPACE
2012
|
| Subjects: | |
| Online Access: | http://irep.iium.edu.my/32107/ http://irep.iium.edu.my/32107/ http://irep.iium.edu.my/32107/1/H_ITRiskManagement_CReadydoc.pdf |
| Summary: | Managing risks are crucial in all fields. Information technology risks pose more threats to organisations in three
categories: 1) technical and operational risk; 2) data and information security risk; and 3) organisation, project and human risk. Therefore, modern organisations have to face the challenging new and increasing threats from IT risks in more
sophisticated manners. This task is difficult if it is not properly given due care by top management and implemented
diligently with duty of care by the responsible teams. The main objective of the paper is to develop an information
technology risk management framework for International Islamic University Malaysia (IIUM) based upon series of
consultant group discussions, risk management formulation, business process identification, quantification of risk
weightage and classification of core risk factors in a university environment. The proposed risk management method has
been applied to IIUM case. This study uses an action research approach with the active involvement of the researchers and
stakeholders in order to identify, analyse and respond to risks. The analysis draws upon both empirical research and a real
case study. The study finds that top management acknowledges the important pervasive role of information technology in
organisations and that consequential threats originating and created from the use of IT hardware and software can be
detrimental to organisational effectiveness and efficiency. The dangers could cause financial, privacy, security and data losses. As a result, IIUM engaged its ICT strategic business unit to draw and design a new IT risk management framework based on the current problems and settings. The framework, however, can be applied to other Malaysia public and private universities. Moreover, it is also suitable for replication in non-academic institutions with a few minor adjustments. |
|---|