A maturity model for the management of information technology risk
Computer Information Systems
Information Technology (IT) systems are at risk from malicious actions, man-made and natural disasters, or inadvertent errors made by users of these systems. Over the past few decades, IT applications have become more susceptible to these risks because of the wide spread usage of computers, the interconnectivity of these computers, and rapid development of Internet applications. Organizations may start with an ad hoc approach to dealing with risk management of their IT applications. Some might consider moving into the direction of formalizing their approach to risk management. It is of great benefit for these organizations to have a model that help them assess their standing with respect to risk management in terms of its comprehensiveness, structure, and completeness. In this paper we describe a comprehensive IT Risk Management Maturity Model. This objective is accomplished by integrating widely recognized IT risk management models with similarly widely recognized maturity models. Adapted from the source document.
Farah, B. (2011). A maturity model for the management of information technology risk. International Journal of Technology, Knowledge and Society, 7 (1), 13–26.