A protection profiles approach to risk analysis for small and medium enterprises
Document Type
Conference Proceeding
Publisher
Springer
Faculty
Faculty of Computing, Health and Science
School
School of Computer and Information Science / Centre for Security Research
RAS ID
2728
Abstract
Performing a Risk Analysis has long been considered a necessary security practice for organisations; however, surveys indicate that Small and Medium Enterprises do not tend to undertake one. Some of the main reasons behind this have been found to be the lack of funds, expertise and awareness within such organisations. This paper describes a methodology that aims to assess these issues and be appropriate for the needs of these SMEs by utilising a protection profiles and threat trees approach to perform the assessment instead of lengthy questionnaires, and by incorporating other elements such as financial considerations and the creation of a security policy.
Access Rights
free_to_read
Comments
Dimopoulos, V., & Furnell, S. (2005). A Protection Profiles Approach to Risk Analysis for Small and Medium Enterprises. In Security Management, Integrity, and Internal Control in Information Systems (pp. 267-283). Springer, Boston, MA.