Enterprise systems have taken full advantage of Information Technology (IT) and Information Systems (IS) to innovate and to create business value. The principal business value for system is utility. System utility is a complex factor that has many contributing variables and the resultant of business value. The metrics of utility are measures such as up-time, customer satisfaction, and so on. In this paper the concern of security as the protection of information assets is discussed in relation to managing the risk of utility. Risk modeling has come under greater scrutiny since the collapse of global financial markets in 2008. A common criticism is that risk models disengage business layers and foster surrogates that anesthetize prudent virtues within the enterprise system. The discussion in this essay proceeds by elaborating current risk modeling trends and concludes by promoting an awareness of the changing scope and expectations for effective business security risk analysis.
Cusack, Brian, "Assessing Business Value of IT and IS Risk: Security Issues" (2009). ACIS 2009 Proceedings. 72.