Risk Management: A Maturity Model Based on ISO 31000

Cited by: 11

Authors
Proenca, Diogo [1 ,2 ]
Estevens, Joao [2 ]
Vieira, Ricardo [1 ,2 ]
Borbinha, Jose [1 ,2 ]
Affiliations
[1] Univ Lisbon, INESC ID Inst Engn Sistemas & Comp Invest & Desen, Lisbon, Portugal
[2] Univ Lisbon, Inst Super Tecn, Lisbon, Portugal
Keywords
Risk Management; Maturity Model; ISO 31000
DOI
10.1109/CBI.2017.40
CLC classification code
TP [Automation technology, computer technology]
Discipline classification code
0812
Abstract
Risk Management, according to ISO Guide 73, is the set of "coordinated activities to direct and control an organization with regard to risk". In a nutshell, Risk Management is the business process used to manage risk in organizations. ISO 31000 defines a framework and a process for risk management. However, implementing this standard without a detailed plan can become a burden on organizations. This paper presents a maturity model for the risk management process based on ISO 31000. The purpose of this model is to provide an assessment tool that organizations can use to determine their current risk management maturity level. The results can then be used to create an improvement plan that guides the organization toward its target maturity level. The maturity model allows organizations to assess a risk management process against the best practices defined in the risk management references. It can also be used as a reference for improving this process, since it sets out a clear path of how a risk management process should be performed.
Pages: 99-108
Page count: 10