|ترجمه عنوان مقاله||سیستم مدیریت ریسک فناوری اطلاعات با استفاده از مدل سیستم پایدار (VSM): اقدام پژوهی برای مدیریت ریسک مرتبط با فناوری اطلاعات در خدمات بانکی|
|عنوان انگلیسی مقاله||Viable IT Risk Management System by Viable System Model (VSM): Action Research for Managing IT-related Risk in the Banking Service|
|انتشار||مقاله سال ۲۰۲۲|
|تعداد صفحات مقاله انگلیسی||۱۷ صفحه|
|هزینه||دانلود مقاله انگلیسی رایگان میباشد.|
|پایگاه داده||نشریه اسپرینگر|
|نوع نگارش مقاله
||مقاله پژوهشی (Research article)|
|مقاله بیس||این مقاله بیس میباشد|
|نمایه (index)||scopus – master journals – JCR|
|فرمت مقاله انگلیسی|
||۱٫۵۰۰ در سال ۲۰۲۰|
|شاخص H_index||۳۵ در سال ۲۰۲۱|
|شاخص SJR||۰٫۳۷۹ در سال ۲۰۲۰|
|شاخص Quartile (چارک)||Q3 در سال ۲۰۲۰|
|رشته های مرتبط||مهندسی فناوری اطلاعات|
|گرایش های مرتبط||تجارت الکترونیکی – مدیریت سیستم های اطلاعاتی – سامانه های شبکه ای|
|نوع ارائه مقاله
||ژورنال یا کنفرانس|
|مجله / کنفرانس||عمل سیستمی و اقدام پژوهی – Systemic Practice and Action Research|
|دانشگاه||Department of IT Management, Science and Research Branch of Islamic Azad University, Iran|
|کلمات کلیدی||سیستم مدیریت ریسک فناوری اطلاعات، VSM، مدیریت ریسک سازمانی (ERM)، حاکمیت فناوری اطلاعات، ریسک فناوری اطلاعات، خدمات بانکی|
|کلمات کلیدی انگلیسی||Viable IT Risk Management system, VSM, Enterprise Risk Management (ERM), IT governance, IT risk, Banking services|
|شناسه دیجیتال – doi
|وضعیت ترجمه مقاله||ترجمه آماده این مقاله موجود نمیباشد. میتوانید از طریق دکمه پایین سفارش دهید.|
|دانلود رایگان مقاله||دانلود رایگان مقاله انگلیسی|
|سفارش ترجمه این مقاله||سفارش ترجمه این مقاله|
|فهرست مطالب مقاله:|
The Application of Viable System Model (VSM) in IT governance
|بخشی از متن مقاله:|
In recent years, some standards and frameworks proposed the risk management structures for managing and controlling IT risk that is the main component of enterprise governance of IT. Unfortunately, these frameworks have a retrospective view of threat analysis and less pay attention to future threats in the business environment, and do not propose adaptable solutions. At the same time, the current risk framework is not based on a strong scientific system modeling. In this research, the researcher proposed the Viable System Model (VSM) as an adaptable and comprehensive framework that is based on scientific modeling with the systematic approach for managing and controlling IT risk in today’s complex business environment. This research did in a systematic action research methodology in the banking context in Iran. The results showed that by applying the VSM as a framework for managing IT risk, adaptability of IT risk criteria according to the future threats can be achieved by this framework. A comprehensive risk management framework (retrospective and prospective view) with a systematic approach could be achieved by this system modeling.
The development of new technologies in IT caused the increased complexity of this feld in recent years. Due to this complexity, the risk related to IT becomes more critical and if these risks ignored, it could be dangerous for achieving business objectives. Nowadays, IT risk management system became the main concern of senior managers of organizations. Meanwhile, many organizations that have not a good understanding of IT risk management systems have spent a lot of money to reduce IT risks, but they just waste their money and not successful in managing the IT risks. “Many organizations struggle with risk assessment and some believe that it shouldn’t be practiced at all! Many do some form of risk assessment, but often badly, or incompletely. Some just don’t bother, preferring an approach which relies on standards and baselines to manage the common risks, some just ignore the problem and trust to hope. (Coles and Moulton 2003)”.
Risk is a combination of the probability of an event and its impacts (negative and positive) in business, which is usually referred to as the negative impacts that could be afected the business goals. Information Security Risk (ISR) is defne by ISO 31000 as “a combination of two factors: probability and consequences. It asks two basic questions: what is the probability that a particular information security event will occur in the future? And what consequences would this event produce or what impact would it have if it actually occurred? Information security risks often emerge because potential security threats are identifed that could exploit vulnerabilities in an information asset or group of assets and therefore cause harm to an organization” (Fazlida and Said 2015).
In this research, by applying the soft system models such as the VSM as an adaptable framework for managing IT risk, we can guarantee the adaptability and viability of the IT risk management system. The VSM has a strong scientifc foundation, which based on system science, cybernetics approach, and variety engineering and is a good candidate as a framework for IT risk management system because the dynamic changes of business /IT environment require an adaptable framework for managing IT risks for aligning and integrating IT risk strategy with the business risk strategy.
By using the variety engineering (Ashby law) in VSM, the front line employee is encouraged to manage the IT risk (creating autonomous system 1) and this can be helpful to increase the quality of IT risk management systems by managing risk at the front line (detecting and mitigating risk at the source). The results show us the best approach to manage the IT risk is building an autonomous system (system1) to deal with risk at the front line and VSM brings these benefts for us in system 1. By the communication channels between subsystems in VSM, a big picture of the current IT risk profle shared between the operational units (S1) and the management system and this can be helpful to establish a holistic approach in the IT risk management system. Therefore, the results show us that VSM can propose a holistic approach for IT risk management system, which has not been paying attention to this important point in any other risk framework. Not paying attention to a holistic approach in a risk management system can be a threat of duplicating risk analysis (wasteful work) in diferent units, which are working in the isolated environment.