外文文献：组织中的信息和通信技术风险管理：泰国商业研究案例.pdfVIP

th 19 Australasian Conference on Information System ICT risk management in organizations 3-5 Dec 2008, Christchurch Kumsuprom, et al. ICT Risk Management in Organizations: Case studies in Thai Business Siridech Kumsuprom Brian Corbitt Siddhi Pittayachawan School of Business Information System, RMIT University Melbourne Australia Email: siridech.kumsuprom@.au; brian.corbitt@.au; siddhi.pittayachawan@.au Abstract Risks related to information communication and technologies (ICTs) still occur in organizations. In spite of development of ICT risk management methodologies that have been published in numerous frameworks and/or standards to help organizations deal with ICT risks, it has still been questioned about whether or not its methodology has manifested success. This research identifies the current profile of ICT risk management planning and investigates success in implementation in Thai organizations of both the Control Objectives for the Information and related Technology (COBIT) framework and the ISO/IEC 17799 standard for dealing with ICT risk management. The findings from three case studies indicate that successful ICT risk management planning focuses on the collaboration between the management level activities and the operational level activities in order to cope with ICT risks successfully. Keywords ICT risk management; COBIT; ISO/IEC 17799; Information security management INTRODUCTION The rapid development of