ERMOCTAVE: A Risk Management Framework for IT Systems Which Adopt Cloud Computing

2019, Vol 11 (9), pp. 195
Author(s): Masky Mackita, Soo-Young Shin, Tae-Young Choe

Many companies are adapting cloud computing technology because moving to the cloud has an array of benefits. During decision-making, having processed for adopting cloud computing, the importance of risk management is progressively recognized. However, traditional risk management methods cannot be applied directly to cloud computing when data are transmitted and processed by external providers. When they are directly applied, risk management processes can fail by ignoring the distributed nature of cloud computing and leaving numerous risks unidentified. In order to fix this backdrop, this paper introduces a new risk management method, Enterprise Risk Management for Operationally Critical Threat, Asset, and Vulnerability Evaluation (ERMOCTAVE), which combines Enterprise Risk Management and Operationally Critical Threat, Asset, and Vulnerability Evaluation for mitigating risks that can arise with cloud computing. ERMOCTAVE is composed of two risk management methods by combining each component with other processes for comprehensive perception of risks. In order to explain ERMOCTAVE in detail, a case study scenario is presented where an Internet seller migrates some modules to Microsoft Azure cloud. The functionality comparison with ENISA and Microsoft cloud risk assessment shows that ERMOCTAVE has additional features, such as key objectives and strategies, critical assets, and risk measurement criteria.

2017, Vol 20 (s1), pp. 25-39
Author(s): Danijela Miloš Sprčić, Antonija Kožul, Ena Pecina

Severe consequences of the global financial crisis resulted in re-thinking the risk management processes and approaches, highlighting the need for a comprehensive risk management framework. Consequently, more and more companies are moving away from the Traditional “silo-based” Risk Management (TRM) to a more holistic approach known as Enterprise Risk Management (ERM). This paper presents results of both exploratory and empirical research. First, we develop ERM Index that measures maturity of ERM process within the company. Then, we present empirical results on the level of maturity and determinants of risk management system development in listed Croatian companies. Research indicates low levels of ERM development: even 38 per cent of analysed companies have no elements of ERM system, from which 22 per cent do not manage corporate risks at all. Except the company’s size supported by the economies of scale argument, managers’ support is the most important determinant of ERM system maturity in Croatian companies.


2017, Vol 84 (S1), pp. 345-365
Author(s): Yijia Lin, Richard D. MacMinn, Ruilin Tian, Jifeng Yu

2019, Vol 19, pp. 74-98
Author(s): J S Wessels, E Sadler

This article contributes to the continuing scholarly discourse on risk and risk management within the context of higher education institutions by reporting on a qualitative assessment of the appropriateness of the risk management framework of a selected open distance learning institution. The assessment is based on a single instrumental case study of an open distance learning institution. The assessment was undertaken by conducting a qualitative content analysis of the institution’s enterprise risk management framework document. For the purpose of this analysis, two reading strategies were followed, namely the reproductive (literal) and hermeneutic reading strategies. This article’s unique contribution to the scholarly discourse is to apply a conceptual framework derived from the work by Tufano (2011) providing trustworthy evidence that the critique by Leitch (2010) on the ISO 31000:2009 standard does not necessarily have an empirically sound foundation. The research has indicated that an enterprise risk management framework meeting the ISO 31000:2009 standard, is not only appropriate for a risk imbedded open distance higher education institution such as the selected institution, but has the potential to contribute significantly to the enhancement of the institution’s mission, strategic goals and objectives within an astringent national regulatory and funding context and an ever-changing international higher education landscape.

