Publication details

Home Publications Publication details

Considering IT Risk Analysis in Small and Medium Enterprises
Dimopoulos V, Furnell SM, Barlow I
Proceedings of the 1st Australian Information Security Management Conference 2003 (InfoSec03), Perth, Australia, 24 November, 2003
Download links:  Download PDF

Surveys frequently indicate that a significant percentage of Small and Medium Enterprises (SMEs) do not tend to perform IT risk assessment and management. Even though there are a number of risk analysis tools available in the market, there are also several constraints to their adoption that need to be identified. A lack of related expertise and resources often means a lack of security awareness in SMEs, restricting their risk assessment options to the use of checklists, guidelines and managed security services. However these also have drawbacks, and there is a need for a risk analysis methodology that suits the needs of SMEs and can be applied in a more straightforward manner. It is considered that the use of predetermined protection profiles offers a means to simplify risk assessment, and make it accessible to small and medium enterprises from all sectors of the industry.

Dimopoulos V, Furnell SM, Barlow I