IS Auditing, Controls and Assurance

Risk in Information Systems (IS)

What is risk?

The possibility of having negative impact.

Why do we take risk?

Thinking of having positive impact.

Elements of risk

Threats

Types of threats are:

  • Natural disaster

  • Man-made threats

    • Internal

    • External

Internal threats have the possibility of being of higher impact to the organization.

  • Technical

Impact

Measure of damage.

Qualitaty measures can be:

  1. Negligible

  2. Minor

  3. Moderate

  4. Serious

  5. Major

Probabilities

Likelihood of having risk:

  1. Very unlikely

  2. Unlikely

  3. Possible

  4. Likely

  5. Probable

PreviousInformation Systems Auditing, Controls and AssuranceNextRisk Management Process

Last updated