Theoretical framework for Risk management monitoring, review and improvement process of FLOSS applications using key risk indicators - KRI at a public agency

Authors
Fortino, Marcelo Horacio; Silva, João Marcelo da; Santos, Milvon Lopes dos; Neto, Marcelo Ataíde; Leal, Marcelo Mafra
Publication Year
2018
Language
English
Format
conference paper
Status
Published version
Description
In the last decade, due to a number of factors, including budget constraints caused by the economic crisis and the promotion of Free and Open Source Software (FLOSS) by the Brazilian federal government, public bodies have been increasingly using FLOSS both to cover their own operational needs and to offer new and varied services to citizens. In this context, good governance rules suggest the establishment of a risk management process which, in accordance with the ISO/IEC 27005 and ISO/IEC 31000 rules, broadly covers context definition, risk analysis and assessment, risk management, communication, and critical risk monitoring and review of the organization’s assets. For the risk monitoring and review process, the COSO organization promotes the use of key risk indicators (KRI) that help monitor alerts, changes in risk conditions, or new risks that may arise in the course of day-to-day operations. This article aims to present the theoretical framework for the risk management monitoring, review and improvement process of FLOSS applications using key risk indicators (KRI) at a public agency.
Sociedad Argentina de Informática e Investigación Operativa
Subject
Computer Science
KRI
FLOSS
COSO
ISO 27005
Open-Source Software
OSS, Risk Management
Access level
Open access
License
Creative Commons Attribution-ShareAlike 3.0 Unported (CC BY-SA 3.0)
Repository
SEDICI (UNLP)
Institution
Universidad Nacional de La Plata
OAI Identifier
oai:sedici.unlp.edu.ar:10915/72007