On IT Risk Management Ontology using DEMO

Mariana Rosa, Sérgio Guerreiro, Rúben Pereira


Nowadays, organisations use and rely on Information Technology (IT) solutions. However, despite their benefits, IT solutions introduce risks. Consequently, organisations implement Risk Management (RM), more specifically Information Technology Risk Management (IT RM), in order to maximize the effectiveness of IT usage while dealing with IT risks. Nevertheless, implementing IT RM is not easy, since numerous standards and frameworks propose multiple RM processes to deal with IT risks. Moreover, these processes are composed of different activities, which causes confusion. In the end, organisations are not capable of managing risks successfully due to IT RM’s complexity. To overcome IT RM diversity, a Systematic Literature Review (SLR) was conducted. The goal is to identify the most essential IT RM activities. The SLR results were then integrated with the ISO 31000 and PMBOK standards in the form of an ontology using Design and Engineering Methodology Ontology (DEMO). The contributions of this study are: the aggregate analysis of IT RM activities through the SLR; the identification of the reasons for and benefits of using DEMO; a description of an essential IT RM model designed as an ontology; and a critical view of the benefits of the proposed ontological model.


