CAPÍTULO 3. RESULTADOS DE IMPLEMENTACIÓN DE LA
3.13 Salvas y Restauración de máquinas virtuales con Veeam Backup & Replication
The goal of the literature study is to identify the different IT risks related to DLT for IoT within literature. At first a list of all the risks mentioned in the papers are extracted, from each risk it is noted from which papers they have been deduced. This total list of risks consists of 57 individual risks of which some are related but not duplicate.
In order to create a better overview of the risks some additional processing has been done. The risks have been analyzed in a mindmap to deduce multiple categories within the risks. Risks that relate to each other were grouped together and a common theme between these risks was found. A total of 5 categories have been defined through this analysis. These categories are the following:
28 CHAPTER4. IT RISKSDESCRIBED INLITERATURE • Strategic Risks • Operational Risks • Security Risks • Legal Risks • Technology risks
The different risks within the risk categories have been consolidated to further group together similar risks. This resulted in a final collection of 29 different risks. Figure 4.3 presents the different steps of the identification process and the number of risks that were carried on from each step. The list of consolidated risks derived from literature including from which papers they stem can be found in appendix B.2.
Initial list of risks [57] Consolidated risks [29] Categorized into risk areas [57] Strategic Risks [6] Operational Risks [10] Security Risks [4] Legal Risks [3] Technology Risks [6] Technology Risks [6]
Chapter 5
IT Risks Described by Field Experts
In order the create a more complete collection of risks, a number of field experts have been consulted to verify and adapt the identified risks from the literature study. A two round Delhpi study has been performed which resulted in a preliminary risk model for further evaluation during a number of case studies.5.1 Study Design
In order to identify IT risks of DLT applications according to field experts, a Delhpi study has been set up. According to Okoli and Pawlowski (2004) the Delphi method leans itself for concept/framework development study following a two-step process namely: identification and elaboration of a set of concepts, and classification and taxonomy development. This approach fits well with the creation of a maturity model as exemplified by a number of maturity model creation studies (De Bruin et al., 2005; Mettler, 2011; Rosemann & Bruin, 2005; Smits & Van Hillegersberg, 2015; Van Dijk, Willem, Van Hillegersberg, & Daneva, 2017). According to Hasson, Keeney, and Mckenna (2000), the Delphi technique is particularly useful in areas of limited research; as is the case for DLT related research. Furthermore it is suited to explore areas where controversy, debate or a lack of clarity exist. This fits perfectly with the current landscape of DLT research, as there are many different opinions on the design and risks relating to DLT applications.
There are a number of different ways to conduct a Delphi study but the techniques all aim for the same goal as characterized by Linstone and Turoff (1975):‘“Delphi may be characterized as a method for structuring a group communication process so that the process is effective in allowing a group of individuals, as a whole, to deal with a complex problem.” The traditional Delphi method was developed by Norman Dalkey of the RAND corporation in the 1950’s (Dalkey & Helmer, 1963). Rowe and Wright (1999) note that a classical Delphi study should consist of four key features: anonymity of Delphi participants, iteration, controlled feedback, and statistical aggregation of group response. The traditional way of conducting a Delphi study is by collecting a number of experts in the same room for a day and having them reach consensus during a number of rounds. However, in order to meet the requirements of a given study, Linstone and Turoff (1975) argue that a Delphi method can also be adapted. For this research the approach of Skulmoski, Francis Hartman, and Krahn (2007) will be used to conduct the study, using questionnaires for a geographically dispersed group of experts.
A two round design has been chosen based on the design used by Rosemann and Bruin (2005). We have excluded ranking the different risks and creating level descriptions which are the third and fourth round of the Delphi study by (Rosemann & Bruin, 2005). This approach has been chosen because of the difficulty of generalizing level descriptions for a number of the identified risk areas
30 CHAPTER5. IT RISKSDESCRIBED BYFIELDEXPERTS
Survey to experts
Preparation
Add additional IT risks Rate satisfaction with risk areas and provide comments
Round 1
Consolidate and revise list of IT risks
Consolidate and revise risk areas
Round 2
Rate list of risks for measurement by model Rate satisfaction with proposed risk areas and provide comments
Round 2
Round 1
Propose list of initial IT risks for DLT
Propose initial risk areas for DLT
Propose definitions for risk areas
Figure 5.1:Study design of the Delphi study during the first rounds of the Delphi study.
During the two rounds, IT risks that are identified in the literature study are adapted and further classified. Figure 5.1 illustrates the design of the two rounds of the study where in the left column the work by the researcher is explained and the left the task for the experts. The first round of the study focuses on brainstorming around the risks and risk areas that have been identified in the literature study. The second round verifies the adapted lists and rates the satisfaction with the newly proposed risks and risk areas.