A qualitative assessment of the status of information security and risk management practices in 3 institutions in Samoa


  • Ioana Tuugalei Chan Mow


information security, security, risk assessment, risk management, risk identification, disaster recovery


In recent years, organisational systems have become more susceptible to threats from malicious actions or inadvertent user errors and from natural and man-made disasters because computers have become more interconnected and, thus, more interdependent and more accessible to a larger number of individuals. In fact, the factors that benefit business operations such as speed of processing and access to information also increase risks of computer intrusion, fraud, and disruption [1]. Hence, with the increasing susceptibility of organizational systems to security threats, risk management and information security have become of utmost importance [2]. A survey was administered by students in a Management of Information systems undergraduate
class to investigate the status of information security and risk management in 3 institutions within the local CBD in Samoa and more specifically what strategies are employed to manage risks in these institutions. In addition, findings from the survey were used to provide local case studies and examples in the course notes to demonstrate concepts of information security and risk management for this Management of Information systems  class at the National University of Samoa.


D.Wenk .Risk Mangement and Business Continuity: Overview and Perspectives, Hitachi, 2005.

D.Danchev. Building and Implementing a Successful Information security Policy, 2003

R.Boase. Final Report ICT4D project for UNDP multicountry office based in Samoa. 2009

R.J.Chapmam. The Effectiveness of Working Group Risk Identification and Assessment Techniques, International Journal of Project Management, vol16(6), pp.333-343, 1998.

R.N.Charette.Software Engineering Risk Analysis and Management, Multiscience Press, 1989.

P.Shimpi. Integrating Corporate Risk Management: New York, Texere LLC, 1999.

V.Brag & F.Wedefelt. Information Risk Management: A case study of major Swedish banks concerning the concept of information risk management, 2004.

J.D.Frame. The New Project Management: Tools for an Age of Rapid Change, Complexity, and Other Business Realities, Jossey-Bass; A Wiley Company, 2002.

Pacific Island Knowledge Assessment – Opportunity Analysis – Final Report, A report commissioned by the World Bank to SMEC and Carl Bro, 8 December 1997

L.Chanco. Final Report, Samoa ICTStatus and Recommendations, Treasury Institutional Strengtehing Project, September, 2001.

K.HOO. How much is enough? A risk-management approach to computer security. Consortium for Research on Information Security Policy (CRISP) Working Paper. Stanford University,Stanford, Calif., June, 2000.

N. Robertson. How to survive a Sudden and Immediate loss of your IT Systems, August, 2005.

Additional Files



How to Cite

Chan Mow, I. T. . (2020). A qualitative assessment of the status of information security and risk management practices in 3 institutions in Samoa. International Journal on Information Technology and Computer Science, 4(2). Retrieved from http://ijitcs.info/index.php/ijitcs/article/view/18



Research Articles