Information System and Risk Reassessment

Abstract

This paper belongs to a group of papers dealing with the problems of risk assessment, at first only in the field of occupational health and safety, from where the assessment method originates, but later its implementation is extended to the field of information technology. However, the paper is a step fotward regarding what was said in our previous papers on risk management issues. In these discussions, the method of our School was created regarding risk assessment and a model for risk assessment was developed for application in other areas, including information technology. Furthermore, it stresses possible influences on the formation and definition of the system, both external and some internal concerning business planning. For these cases, a repeated risk assessment was carried out to perceive on a practical example the environmental impact on an information system. Risk reassessment is inevitable when an information system undergoes changes and this is insufficiently covered in the literature.