• DocumentCode
    1566174
  • Title

    Applications for IT-Risk Management – Requirements and Practical Evaluation

  • Author

    Grob, Heinz Lothar ; Strauch, Gereon ; Buddendick, Christian

  • Author_Institution
    Eur. Res. Center for Inf. Syst., Muenster Univ., Munster
  • fYear
    2008
  • Firstpage
    758
  • Lastpage
    764
  • Abstract
    Nowadays the importance of a dedicated information security management (ISM) is undisputed. One essential task in realizing a company's ISM is to implement a compulsory operational risk management (ORM) aiming also at ensuring the compliance with certain standards. The risks addressed by ORM prevalently result from information systems. A promising approach is to focus on business processes to combine the technical, system-focused perspective of security management with the more centralized perspective of operational risk management. Within this paper we will first deliver an introduction to integrated IT risk management and its corresponding decisions. Afterwards we will derive requirements for application systems in order to support decisions in IT-Risk Management. For this purpose a catalogue of requirements will be developed. Based on this catalogue, software systems for IT security management and operational risk management were examined with regard to their adequacy for decision support in IT-Risk Management.
  • Keywords
    DP management; risk management; security of data; IT-risk management; business processes; catalogue software systems; information security management; operational risk management; Application software; Availability; Conference management; Content management; Information management; Information security; Management information systems; Risk analysis; Risk management; Software systems; IT-Compliance; IT-risk management; information security management; software market analysis;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Availability, Reliability and Security, 2008. ARES 08. Third International Conference on
  • Conference_Location
    Barcelona
  • Print_ISBN
    978-0-7695-3102-1
  • Type

    conf

  • DOI
    10.1109/ARES.2008.168
  • Filename
    4529420