Quantifying Risk Propagation Within a Network of Business Processes and IT Services
Nowadays, the organic nature of business processes and the increasingly complex and dynamic business environment make organizations face severe operational risks. However, current risk analysis methods of Information Technology (IT) resources ignore inter-process correlation and thus inter-process risk propagation. This gap needs a solution since the rigid alignment of organizations cause the risks which propagate throughout the whole organization to be the most serious operational risks. This paper presents a holistic approach for quantifying risk propagation in business processes based on the risk analysis of their underlying IT and human resources. This approach adapts financial techniques to quantify the level of risk that average and severe events on IT resources generate on individual business processes, and to quantify the risk propagation impact among dependent processes. This approach was applied to an enterprise modeling case study to quantify risk propagation for different risk epicenter scenarios. The results show that the proposed approach is capable of finding and quantifying both direct and indirect dependencies among operational assets within an organization. A high level of accuracy was observed when comparing the actual value of the process risk and the projected value considering risk propagation.
- Citation
- BibTeX
González-Rojas, O., Castro, N. & Lesmes, S.,
Quantifying Risk Propagation Within a Network of Business Processes and IT Services.
Business & Information Systems Engineering: Vol. 63, No. 2.
(S. 129-143).
DOI: 10.1007/s12599-020-00634-3
author = {González-Rojas, Oscar AND Castro, Nicolás AND Lesmes, Sebastian},
title = {Quantifying Risk Propagation Within a Network of Business Processes and IT Services},
journal = {Business & Information Systems Engineering},
volume = {63},
number = {2},
year = {2021},
pages = { 129-143 } ,
doi = { 10.1007/s12599-020-00634-3 }
author = {González-Rojas, Oscar AND Castro, Nicolás AND Lesmes, Sebastian},
title = {Quantifying Risk Propagation Within a Network of Business Processes and IT Services},
journal = {Business & Information Systems Engineering},
volume = {63},
number = {2},
year = {2021},
pages = { 129-143 } ,
doi = { 10.1007/s12599-020-00634-3 }
Sollte hier kein Volltext (PDF) verlinkt sein, dann kann es sein, dass dieser aus verschiedenen Gruenden (z.B. Lizenzen oder Copyright) nur in einer anderen Digital Library verfuegbar ist. Versuchen Sie in diesem Fall einen Zugriff ueber die verlinkte DOI: 10.1007/s12599-020-00634-3
Haben Sie fehlerhafte Angaben entdeckt? Sagen Sie uns Bescheid: Send Feedback
More Info
ISSN: 1867-0202
xmlui.MetaDataDisplay.field.date: 2021
Content Type: Text/Journal Article