Reference Hub

This research has been cited in:

Article
It is not my job: exploring the disconnect between corporate security policies and actual security practices in SMEsInformation & Computer Security10.1108/ICS-01-2019-0010
Article
Investigating the Security Divide between SME and Large Companies: How SME Characteristics Influence Organizational IT Security InvestmentsInformation Systems Frontiers10.1007/s10796-019-09959-1
Article
Spatio-Temporal Graph for Improvement of Decision-Making in Risks TreatmentInternational Journal of Decision Support System Technology10.4018/IJDSST.303945

Towards a Framework to Improve IT Security and IT Risk Management in Small and Medium Enterprises

Stephan Mühe, Andreas Drechsler

Source Title: International Journal of Systems and Society (IJSS)4(2)

ISSN: 2327-3984|EISSN: 2327-3992|EISBN13: 9781522515760|DOI: 10.4018/IJSS.2017070104

Cite Article Cite Article

MLA

Mühe, Stephan, and Andreas Drechsler. "Towards a Framework to Improve IT Security and IT Risk Management in Small and Medium Enterprises." IJSS vol.4, no.2 2017: pp.44-56. http://doi.org/10.4018/IJSS.2017070104

APA

Mühe, S. & Drechsler, A. (2017). Towards a Framework to Improve IT Security and IT Risk Management in Small and Medium Enterprises. International Journal of Systems and Society (IJSS), 4(2), 44-56. http://doi.org/10.4018/IJSS.2017070104

Chicago

Mühe, Stephan, and Andreas Drechsler. "Towards a Framework to Improve IT Security and IT Risk Management in Small and Medium Enterprises," International Journal of Systems and Society (IJSS) 4, no.2: 44-56. http://doi.org/10.4018/IJSS.2017070104

Export Reference

Favorite Full-Issue Download

View Full Text HTML

View Full Text PDF

Abstract

In this article, an IT risk management (ITRM) framework for small and medium enterprises (SMEs) is designed and evaluated. The framework's objective is to provide an uncomplicated and accessible ITRM approach primarily aimed at SMEs without a dedicated ITRM. The framework combines essential elements from three leading (IT) risk management frameworks: COBIT 5 for Risk, ISO/IEC 27005:2011 and M_o_R. The framework was developed by employing a design science research methodology for social artefacts and evaluated in two healthcare SMEs. The ITRM framework itself was assessed as comprehensible and potentially useful. Simultaneously, over-arching IT governance issues prevented the immediate framework implementation in the two cases. IT management researchers can draw on this article's findings to better understand the role of the social context in SMEs to achieve an effective practical impact. Practitioners in SMEs can draw on the current state of the framework for an initial ITRM implementation or to increase their current ITRM approaches' maturity.

You do not own this content. Please login to recommend this title to your institution's librarian or purchase it from the IGI Global bookstore.

Username or email: *

Password: *

Forgot individual login password?

Create individual account

Towards a Framework to Improve IT Security and IT Risk Management in Small and Medium Enterprises

MLA

APA

Chicago

Export Reference

Abstract

Request Access