Revista de Ingeniería

revinge | eISSN 2011-0049 | ISSN 0121-4993

Methodology and Governance of the IT Risk Management

No. 31 (2010-01-01)
  • Ricardo Gómez
    Systems and Computing Engineer. Project Engineer, CIFI – Informática, Faculty of Engineering, Universidad de los Andes, Bogotá D.C., Colombia. ricgomez@uniandes.edu.co
  • Diego Hernán Pérez
    Industrial Engineer, Specialist in Information Systems. Consultant on IT strategy and processes. Adjunct Professor, Faculty of Engineering, Universidad de los Andes, Bogotá D.C., Colombia. perezdiegohernan@yahoo.com
  • Yezid Donoso
    Ph.D. in Information Technologies. Associate Professor, Department of Systems and Computing Engineering, COMIT Group, Faculty of Engineering, Universidad de los Andes, Bogotá D.C., Colombia. ydonoso@uniandes.edu.co
  • Andrea Herrera
    M.Sc. in Systems and Computing Engineering. Instructor, Department of Systems and Computing Engineering, TION Group, Faculty of Engineering, Universidad de los Andes, Bogotá D.C., Colombia. a-herrer@uniandes.edu.co

Abstract

Organizations are increasingly concerned with the impact that risk can have on them, and in particular risk associated with IT. Every day, businesses in sectors such as finance, government, health and manufacturing report economic losses caused by failures of, or attacks on, their IT services; such losses can affect their reputation, their relationships with clients, and their own financial and operational robustness. Risk analysis rests on two fundamental pillars: standards and norms on one side, and methodologies on the other. These pillars alone, however, cannot guarantee results without governance of the risk analysis itself. In this paper we show which standards and legal documents must be considered in a risk assessment process, and then explain how a methodology can be applied and how it can be connected successfully with the IT governance process.

Keywords: Business continuity, IT governance, risk analysis, vulnerability and threat in IT