Public service organizations rely on IT systems to fulfill their missions. IT incidents are increasingly frequent, and their impact on these organizations is becoming more severe. There is a strong need to manage risks to service-related IT systems in public service organizations. The risk management processes practiced in software development companies cannot be used directly in public service organizations, due to differences in business processes. This paper presents a risk management model for these kinds of organizations. The methods of using the model to manage risks are illustrated in an example where a number of identified risks are analyzed and risk reduction activities are identified. The paper also suggests how to make risk management a continuous and regular event. Public service organizations can practice this model directly and use it to enrich their own risk lists continuously.
|Conference|The 2009 IEEE International Conference on Privacy, Security, Risk and Trust (PASSAT-09) / Workshop on Software Security Process (SSP09)|
|Period|2009/08/31 → …|
- Public service organizations
- Risk management
- Critical IT systems