Abstract (in English)
Today, organizations and systems operate in an environment full of challenges and change. To survive and continue to exist in such an environment, they must evolve and respond to it in a timely manner. The most important factors that must be considered during decision making are the potential and certain risks that can affect the results of decisions.
Risk management is one of the main knowledge areas of project management under the PMBOK project management standard, and it is an important part of the successful implementation of a project. Risk management is a precautionary process that, within a specified strategy framework, considers all of a project's opportunities and threats and allows project managers to consider all strategies and possible solutions, select optimized actions, and bring the project to its strategic goals. The most important risk management activity is the process of planning risk response strategies; despite its importance, there are only a few accepted and trusted methods for it. By definition, a project risk is an uncertain situation or event that could have a positive or negative effect on the project's goals. A risk that has a negative effect on the project objectives is called a threat, and a risk that has a positive effect is an opportunity. All projects invariably face some risks, owing to the unique nature of each project and to its pre-determined goals such as time, cost, quality, productivity, and so on. In recent studies, the need to recognize risk and to manage project risk effectively has attracted the attention of many investigators, and this has led to the development of project risk management.
This study attempts to analyze risk management in the field of IT in organizations that typically utilize information technology (focusing on the field of information security), to assess, predict, and analyze the risks, strengths, and weaknesses in this area, and to present a strategic framework for risk management in the field of security. In addition, a case study following the structure of the research, in the area of activities of a bank (Bank Refah Kargaran), will be analyzed, and the results will be presented under the executive conclusion of the framework proposed in this study. Banks, as organizations that are among the pioneers in the use of information technology and information security, are considered among the most important organizations, and they need a strategic plan in order to manage their information security risks. In this study, we try to analyze the indicators of the bank's risk management, together with the case study discussions and the research underlying them, in order to provide strategies, and ways of implementing them, for framing security risk management in banks.
Keywords: Framework, Strategy, Risk management, Information technology, Security