Bin Ishaq Alseiari, Khalid (2015) The Management of Risk Awareness in Relation to Information Technology (MERIT). PhD thesis, University of Gloucestershire.
Khalid Bin Ishaq Alseiari-IT Risk Awareness-September-2015.pdf
Available under License All Rights Reserved.
Download (2MB) | Preview
Current business environments are characterised by a wide range of factors and issues which combine to create an unprecedented level of uncertainty and exposure to risks in IT management and all areas of strategic and operational activities. However IT risk awareness presents both a problem and an opportunity to achieve effective IT risk management. This context creates an imperative for conceptualising risk awareness to account for the intensity, diversity and complexity of IT risks ensuring a heightened level of awareness. The central focus of this study is founded on the premise that IT risk awareness among individuals in all levels of the organisation is critical and involves consideration of human and social factors. The research aimed to evaluate current practice in IT risk awareness in police forces and explore what police forces in the UAE can learn from the best practices of other UAE public and private enterprises. The study further aimed to develop a new holistic conceptual model of IT risk awareness supporting IT risk management. Quantitative and qualitative data was collected to achieve the research objectives utilising three main techniques of structured survey, a Delphi method and in-depth interviews. The findings underline that IT risk awareness is not being maximised or embedded in UAE organisations and there is a lack of formalisation of risk management processes. Although the ADP particularly demonstrated these weaknesses this was also reflected to a lesser extent in other UAE organisations. The results show that a diverse level of knowledge in relation to risk awareness and management is evidenced and detailed knowledge of risk management was weak in addition to low awareness of policies and guidelines. Moreover IT risk awareness and management was perceived as solely the domain of IT departments and not as a collective responsibility. A further key finding is validation of all five components of Governance, Compliance, Enterprise, IT GRC and Risk management within the MERIT IT systems risk awareness model, affirming that it is appropriate and important to examine risk awareness in relation to these elements. Model components were further found to be iterative and interdependent and findings highlighted the critical role of governance in facilitating risk awareness and other elements in the model. Finally, risk awareness is found to be critically underpinned and influenced by a complex range of different elements involving cognitive, social, cultural, emotional and psychological aspects in addition to the extent to which people understand a range of different types of risk. The MERIT model provides significant opportunity to identify, assess and address these elements.
|Item Type:||Thesis (PhD)|
|Uncontrolled Keywords:||Information Technology (IT), risk awareness;Information Technology (IT), risk management; Police forces, United Arab Emirates (UAE);|
|Subjects:||H Social Sciences > HD Industries. Land use. Labor > HD28 Management. Industrial Management > HD61 Risk in industry. Risk management
Q Science > QA Mathematics > QA75 Electronic computers. Computer science
|Divisions:||Schools and Research Institutes > School of Computing and Technology|
|Depositing User:||Susan Turner|
|Date Deposited:||23 Oct 2015 12:10|
|Last Modified:||02 Dec 2016 12:24|