Title

A protection profiles approach to risk analysis for small and medium enterprises

Document Type

Conference Proceeding

Publisher

Springer

Faculty

Computing, Health and Science

School

School of Computer and Information Science, Centre for Security Research

RAS ID

2728

Comments

Originally published as: Dimopoulos, V., & Furnell, S. (2005). A protection Profiles Approach to Risk Analysis for Small and Medium Enterprises. In Security Management, Integrity, and Internal Control in Information Systems (pp. 267-283). Springer, Boston, MA. Original article available here

Abstract

Performing a Risk Analysis has long been considered necessary security practice for organisations, however surveys indicate that Small and Medium Enterprises do not tend to undertake one. Some of the main reasons behind this have been found to be the lack of funds, expertise and awareness within such organisations, this paper describes a methodology that aims to assess these issues and be appropriate for the needs of this SMEs by utilising a protection profiles and threat trees approach to perform the assessment instead of lengthy questionnaires and incorporating other elements such as financial considerations and creation of a security policy.

Access Rights

free_to_read

 
COinS