**3. Do we have to measure economic effect of IS risk management implementation to promote pro-activeness in risk prevention?**

IS is a tool that supported business connectivity within and outside the organization. It helps to generate information from data processing and analyzed it into meaningful services for managerial decision making. IS is people and service oriented activities that determine the method of gathering, processing, storing and transmitting business information to support managerial operations in the organization [17]. The success of IS risk management dependent on the result of evaluation and efficiency of business processes. The common measure for evaluating IS risk management implementation are quality of productivity and performance efficiency. Quality of productivity is a determent of how the organization utilizes it IS in the production of products and services. Meanwhile, efficiency of IS depends on employees' attitudes and behaviors towards IS usage, task effectiveness, and resource availability.

Technological development and expansion have promoted the recent industrial booming in terms of speedy information processing and decision making. Also, the whole activities in our everyday life has been impacted by IS and technology devices. In a nutshell, IS is a product of information and communication technology (ICT), which includes software, hardware, and other elements communication [18]. Nonetheless, IS involves combination of IT and its applications in the organization as well as the users who enables technology implementation for organizational benefit. Organizational information is related to customers, suppliers, products, operating procedures, equipment, competitors, financial transactions, and regulatory environments [19]. IS risk management implementation helps to safeguard customers' accounts, payroll information, information relating to trade secret, company' financial and non-financial assets and the efficiency of the branch operations [20].

Hence, IS consists of software, people, hardware communication devices, and data that enable information processing, storage, and usage for business purpose. Acemoglu et al. [21] described IS as a package of software connected within the organization to achieve performance efficiency. Abbas [8] also defined IS as a structural means of gathering, entering, processing, storage, managing, controlling, and disseminating business information to achieve business goals and objectives. Rai et al. [10] refers to IS as a system that promotes activities that are concentrated on managing, disseminating, and displaying information. Based on those definitions, IS can be referred to as an essential technology tool that improve performance and competitive advantage of business organization. IS risk management implementation is an emerging area of study and no generally accepted standard to guide organizations on successful implementation of IS risk management. Though, few of such standards exist but limited to certain practices which are limited to a small range of business organizations. Therefore, more studies will help to bridge this gap.

*Assessment of Top Management Commitment and Support on IS Risk Management... DOI: http://dx.doi.org/10.5772/intechopen.96258*
