University of Zagreb. University of Zagreb, Faculty of Humanities and Social Sciences. Department of information and Communication sciences.
Abstract
Težište ovog rada je na informacijskim sustavima i upravljanju rizicima informacijskog sustava. Zbog sve bržeg razvoja informacijskih i komunikacijskih tehnologija sve se više organizacija oslanja na informacijske sustave. Radi se o sustavima dizajnirani za prikupljanje, obradu, pohranjivanje i distribuciju informacija. Oni potpomažu organizaciji u ostvarivanju postavljenih ciljeva i donošenju pravih odluka. Iz tog razloga proces upravljanja rizicima igra važnu ulogu u zaštiti informacija i organizacije od IT-rizika. Djelotvorno upravljanje rizicima čini važnu komponentu za uspješno funkcioniranje informacijskog sustava, a sastoji se od dva glavna koraka; procjene rizika i ublažavanje rizika. Upravljanje rizicima ne omogućuje samo prepoznavanje slabosti i ranjivosti sustava nego i predviđanje, a time i sprječavanje nastanka štete. Kako bi se podržala informacijska sigurnost razvili su se različiti standardi i okviri, a među najpoznatijima su Obitelj ISO 27000 normi, CobiT i ITIL. KThe focus of this paper are information systems and their risk management. Information systems are systems designed to collect, process, store and distribute information. The rapid growth of information and communication technology has led organizations to rely on information systems more than ever. In this digital age almost every organization uses information systems to process their information. They support the organization to achieve their mission and to make better decisions. Therefore, risk management plays a critical role in protecting an organization's information assets and thus its mission from IT-related risks. An effective risk management process is an important component of a successful information system and includes two main steps; risk assessment and mitigation. With risk management its not only possible to notice system weaknesses and vulnerability, but also to predict and prevent a possible harmful event. Therefore, standards and frameworks were developed to help organizations manage information systems and security. Some of the most popular are ISO/IEC 27000 family, CobiT and ITIL, which also will be briefly presented
