Risk Analysis for Information Systems

Authors

David G.W. Birch, Hyperion Systems Limited, Surrey, UK
Neil A. Mcevoy, Hyperion Systems Limited, Surrey, UK

Document Type

Case

Abstract

This paper presents an integrated approach to risk analysis for Information Systems (IS) using the Structured Risk Analysis (SRA) methodology developed at Hyperion. SRA has been used, very successfully, to perform risk analysis both for security-oriented risk analysis in the City and safety-oriented risk analysis for the European Space Agency. This paper develops and describes a particular instance of the SRA methodology for IS. Excluding safety-critical applications allows certain simplifications to the methodology in the case of IS. These simplifications make structured risk analysis for information systems (SRA-IS) a practical and cost-effective basis for risk analysis and risk management in commercial organizations.

DOI

10.1177/026839629200700107

Recommended Citation

Birch, David G.W. and Mcevoy, Neil A. (1992) "Risk Analysis for Information Systems," Journal of Information Technology: Vol. 7: Iss. 1, Article 7.
DOI: 10.1177/026839629200700107
Available at: https://aisel.aisnet.org/jit/vol7/iss1/7