Factors affecting the adoption of IT risk analysis
Risk analysis is a necessary procedure for ensuring the appropriate protection of an organisation?s IT infrastructure. However, its adoption within small and medium enterprise environments is often limited, with typical constraints including lack of in-house expertise, funding, and awareness, as well as the complexity of existing tools. This paper assesses these factors, and proposes theDimopoulos V, Furnell SM, Barlow I, Lines BL
basis of an alternative methodology to enable small enterprises to conduct their own risk assessment. The proposal is based upon
the use of predetermined protection profiles for assets, personnel and countermeasure solutions.