Web-based Risk Analysis for SMEs
Kunder R, Clarke NL
Advances in Communications, Computing, Networks and Security Volume 10, ISBN: 978-1-84102-358-8, pp120-127, 2013
Information technology has made its presence felt everywhere around the world, and organisations depend heavily on it to carry out their day-to-day work. It is therefore of utmost importance that the IT infrastructure be guarded against the various threats looming over every organisation's infrastructure. Today, large organisations take every step to ensure that their assets are protected from these threats by carrying out various risk assessments. Unfortunately, various surveys and researchers have found that small and medium enterprises (SMEs) hardly ever follow security practices. Although many solutions are available on the market for SMEs to carry out risk assessment, a lack of in-house expertise and budget constraints leave them unable to carry out such security-related assessments, since the available tools and other solutions either have high costs or require some expertise to use.
The purpose of this research is to identify all the problems that act as hurdles for SMEs when performing risk analysis, and to come up with a novel methodology that can be implemented in a web-based risk analysis tool. Such a tool would be a useful solution for SMEs: it would be available free of cost, be user friendly and, most importantly, suggest cost-effective controls that balance the control implementation cost against keeping threat levels in check. The designed methodology was then implemented in a working prototype called ERAS (Effective Risk Analysis Solution). The prototype was tested by users from an information security background to check whether the tool achieved the aims with which it was developed. It was clear from the users' feedback that the tool was easy to use and understand, and that the organisation profiling employed by the tool proved to be better than the time-consuming questionnaire-based approach used by other RA tools and solutions.

