INFORMATION SYSTEMS' RISK MANAGEMENT - AN EMPIRICAL RESEARCH IN ROMANIAN COMPANIES

This paper's purpose is to realize a study at the level of some Romanian companies with private capital, regarding the maturity level they reached in developing information security practices, especially of those regarding the information systems' risk management. The study focuses on the analysis of some indicators specific for the information environment, which reveal the exigencies imposed at managerial, operational, technological, human level for the insurance of a high level of the organization's risk tolerance. Starting from the evaluation indicators of the maturity level in using information risks' management practices, this study permits the conception of a scoreboard set, structured on the considered benchmarking classes. This research shows that the actual stadium regarding the practices assimilation for identifying, assessing and mitigating the information risks in the analyzed companies is still in an incipient phase and it differs depending on the activity sector, the organization's dimension or its dependency degree on the information systems.