Mr. Bilal Al Sabbagh's IPICS 2010 Essay on Cultures and Risk Management

Abstract

Information systems are implemented and utilized by organizations to support their business processes, which in turn enable organizations to achieve their ultimate goals and objectives. Managing the risks surrounding those information systems resources is crucial for maintaining the stability of the organization business. Risk management is a process that involves high level of human activities and interactions, mainly the risk management team, organization staff and auditors. Those individuals have certain values and attitudes inherited from their cultural background. The purpose of this research is to “explore” how considering those values and attitudes can make the risk management process “affective and efficient”. Through “theoretical analysis”, we have applied Hofstede cultural framework in order to explore how different cultures perceive risks differently and how their values and attitudes might imply different leadership styles, interaction behavior and even different security risks. The outcome of this study has helped us on “discovering” the relationship between the risk management process and organization staff cultural background. This in turn would provide a valuable input to “design” what can be called a “socio-cultural framework” that can be considered during the risk management process in different organization of different cultures in order to “optimize” the process and provide the risk management team an insight on possible unforeseen security risks or individuals and managers attitudes and favorable communication and work patterns.