IIUM Repository

Information technology risk management: the case of the International Islamic University Malaysia

Ahlan, Abdul Rahman and Arshad, Yusri (2012) Information technology risk management: the case of the International Islamic University Malaysia. Journal of Information Systems Research and Innovation, 1. pp. 58-67. ISSN 2289-1358

[img] PDF (Information technology risk management: the case of the International Islamic University Malaysia) - Published Version
Restricted to Repository staff only

Download (255kB) | Request a copy

Abstract

Managing risks are crucial in all fields. Information technology risks pose more threats to organisations in three categories: 1) technical and operational risk; 2) data and information security risk; and 3) organisation, project and human risk. Therefore, modern organisations have to face the challenging new and increasing threats from IT risks in more sophisticated manners. This task is difficult if it is not properly given due care by top management and implemented diligently with duty of care by the responsible teams. The main objective of the paper is to develop an information technology risk management framework for International Islamic University Malaysia (IIUM) based upon series of consultant group discussions, risk management formulation, business process identification, quantification of risk weightage and classification of core risk factors in a university environment. The proposed risk management method has been applied to IIUM case. This study uses an action research approach with the active involvement of the researchers and stakeholders in order to identify, analyse and respond to risks. The analysis draws upon both empirical research and a real case study. The study finds that top management acknowledges the important pervasive role of information technology in organisations and that consequential threats originating and created from the use of IT hardware and software can be detrimental to organisational effectiveness and efficiency. The dangers could cause financial, privacy, security and data losses. As a result, IIUM engaged its ICT strategic business unit to draw and design a new IT risk management framework based on the current problems and settings. The framework, however, can be applied to other Malaysia public and private universities. Moreover, it is also suitable for replication in non-academic institutions with a few minor adjustments.

Item Type: Article (Journal)
Additional Information: 1716/32107
Uncontrolled Keywords: information technology; risk management; action research; Malaysia universities; public sector
Subjects: T Technology > T Technology (General)
T Technology > T Technology (General) > T55.4 Industrial engineering.Management engineering. > T58.6 Management information systems
Kulliyyahs/Centres/Divisions/Institutes (Can select more than one option. Press CONTROL button): Kulliyyah of Information and Communication Technology > Department of Information System
Kulliyyah of Information and Communication Technology > Department of Information System
Depositing User: Assoc Prof Dr. Abd Rahman Ahlan
Date Deposited: 02 Oct 2013 11:32
Last Modified: 02 Oct 2013 11:32
URI: http://irep.iium.edu.my/id/eprint/32107

Actions (login required)

View Item View Item

Downloads

Downloads per month over past year