Research on Building Baseline of IT Risk Control and Its Application in IT Risks Management



Based on the COSO ERM framework and IT life-cycle theory, this paper analyzed enterprises' IT risk management needs and environment, provided a definition of the IT risk control baseline, proposed a framework and models for constructing an IT risk control baseline in enterprises, and finally discussed the elements and construction methods of the IT risk control baseline. Applied to the IT risk management work of enterprises, the baseline model of IT risk control will be a powerful tool and means for enterprise IT risk management.


IT risk management; Baseline of IT risk control; Risk environment; Risk control








 Articles published in Management Science and Engineering are licensed under Creative Commons Attribution 4.0 (CC-BY).



Copyright © 2010 Canadian Research & Development Centre of Sciences and Cultures