Considering IT Risk Analysis in Small and Medium Enterprises |
Surveys frequently indicate that a significant percentage of Small and Medium Enterprises (SMEs) do not tend to perform IT risk assessment and management. Even though there are a number of risk analysis tools available in the market, there are also several constraints to their adoption that need to be identified. A lack of related expertise and resources often means a lack of security awareness in SMEs, restricting their risk assessment options to the use of checklists, guidelines and managed security services. However these also have drawbacks, and there is a need for a risk analysis methodology that suits the needs of SMEs and can be applied in a more straightforward manner. It is considered that the use of predetermined protection profiles offers a means to simplify risk assessment, and make it accessible to small and medium enterprises from all sectors of the industry.
Dimopoulos V, Furnell SM, Barlow I