The IRMA Community
Newsletters
Research IRM
Click a keyword to search titles using our InfoSci-OnDemand powered search:
|
Towards a Framework to Improve IT Security and IT Risk Management in Small and Medium Enterprises
Abstract
In this article, an IT risk management (ITRM) framework for small and medium enterprises (SMEs) is designed and evaluated. The framework's objective is to provide an uncomplicated and accessible ITRM approach primarily aimed at SMEs without a dedicated ITRM. The framework combines essential elements from three leading (IT) risk management frameworks: COBIT 5 for Risk, ISO/IEC 27005:2011 and M_o_R. The framework was developed by employing a design science research methodology for social artefacts and evaluated in two healthcare SMEs. The ITRM framework itself was assessed as comprehensible and potentially useful. Simultaneously, over-arching IT governance issues prevented the immediate framework implementation in the two cases. IT management researchers can draw on this article's findings to better understand the role of the social context in SMEs to achieve an effective practical impact. Practitioners in SMEs can draw on the current state of the framework for an initial ITRM implementation or to increase their current ITRM approaches' maturity.
Related Content
|
Rehmat Shah, Rana Yassir Hussain, Hira Irshad.
© 2024.
21 pages.
|
|
Malik Waqar Ahmed, Haroon Hussain, Hammad Hassan Mirza, Ghulam Ali Bhatti.
© 2024.
17 pages.
|
|
Burak Nedim Aktaş.
© 2024.
23 pages.
|
|
Rani Jha, Sidharth Mishra, Avinash Sharma.
© 2024.
15 pages.
|
|
Tugçe Şimşek, Ahmet Bahadır Şimşek.
© 2024.
25 pages.
|
|
George Kassar.
© 2024.
15 pages.
|
|
Andi Cudai Nur, Komal Khalid.
© 2024.
19 pages.
|
|
|