Risks in the information systems and their evaluation

Abstract

The paper is dedicated to the risks of the information systems. The simplified classification of risks with the specific examples is described in the first part of the paper. We can divide the risks relating to the information systems into two different groups accordingly. The first group is concerned with the components of the information systems. The second group of risks is connected with their exposures. There are both the unconscious and intentional risks from this point of view. The second part of this paper is engaged in the characteristics of the selected methods that are possible to employ in the risk evaluation of the information system. Because of the fact that the users of the information systems are not acquainted with the statistical methods the simplest demonstration of the formulation of the probability of occurrence and the impact of the risk event in the form of the scale system is offered for them. However, this scale system mentioned in this paper is not the only way to measure the risks. The third part of the paper features the procedure of the audit of the information system. This procedure can help anyone who is interested in measuring and verification the risks of the information systems. In addition to the scale system mentioned in this paper we can apply the additional methods of risk analysis and evaluation such as check lists, the Failure Mode and Effect Analysis, decision trees, the sensitivity analysis or Monte Carlo simulations. However, the application of the sensitivity analysis or Monte Carlo simulations requires the high level of the computer literacy.