Abstract

The information systems (IS) are a key asset for organizations. Therefore, managing IS risks becomes more and more important especially within a world in perpetual change. Since IS risk management creates added-value, it must follow a process of continuous improvement orchestrated by a maturity model that figures out available pathways for a better improvement. The studied literature shows the lack of an IS risk management maturity model that considers all IS components and specificities of risk management activity. The present article shows first this lack in the section related to the comparative analysis of the existing models. Then, it proposes a maturity model to address this issue. The proposed model aims to assess the information system risk management activity while considering the dependencies between its elements.

This work is licensed under a Creative Commons Attribution 4.0 License.