Welcome to the InfoSci Platform
Reference Hub6
A Risk Management Model for an Academic Institution's Information System

A Risk Management Model for an Academic Institution's Information System

Michael Dreyfuss, Yahel Giat
Copyright: © 2018 |Volume: 31 |Issue: 1 |Pages: 14
ISSN: 1040-1628|EISSN: 1533-7979|EISBN13: 9781522542285|DOI: 10.4018/IRMJ.2018010104
Cite Article Cite Article

MLA

Dreyfuss, Michael, and Yahel Giat. "A Risk Management Model for an Academic Institution's Information System." IRMJ vol.31, no.1 2018: pp.83-96. http://doi.org/10.4018/IRMJ.2018010104

APA

Dreyfuss, M. & Giat, Y. (2018). A Risk Management Model for an Academic Institution's Information System. Information Resources Management Journal (IRMJ), 31(1), 83-96. http://doi.org/10.4018/IRMJ.2018010104

Chicago

Dreyfuss, Michael, and Yahel Giat. "A Risk Management Model for an Academic Institution's Information System," Information Resources Management Journal (IRMJ) 31, no.1: 83-96. http://doi.org/10.4018/IRMJ.2018010104

Export Reference

Mendeley
Favorite Full-Issue Download

Abstract

This article describes a two-step decision support model for investing in information technology security, both development and application. In the first step, the risk level of each of the system's components is mapped, with the aim of identifying the subsystems that pose the highest risk. In the second step, the model determines how much to invest in various technological tools and workplace culture programs to enhance information security. An application of this model to an information system in an academic institution in Israel is described. This system comprises ten subsystems and the authors identify the three that bear the most risk. These findings are used to determine the parameters of the investment allocation problem and find the optimal investment plan. The results of the model's application indicate that hacking for the purpose of cheating is a greater threat than other types of security issues. Additionally, the results support the claim that information security officials tend to overinvest in security technological tools and underinvest in improving security workplace culture.

Request Access

You do not own this content. Please login to recommend this title to your institution's librarian or purchase it from the IGI Global bookstore.