Search results

1 – 2 of 2
Article
Publication date: 22 March 2011

Ladislav Beranek

Abstract

Purpose

The aim of this paper is to present risk analysis procedures which have been successfully applied by Czech small and medium enterprises (SMEs). The methodology, which is based on the modification and combination of two standard methods, aims to accelerate (and make more affordable) the risk analysis process, as compared to other risk analysis methods used for public organizations and major corporations in the Czech Republic.

Design/methodology/approach

The paper presents in detail the individual steps the authors used in risk analysis of SMEs in the Czech Republic. The method is based on the facilitated risk analysis process (FRAP) methodology and the BITS recommendation. Modifications of both methodologies are described in detail.

Findings

To perform risk analysis in the SME sector in the Czech Republic, it is necessary to have a broad portfolio of instruments. Besides using the CRAMM methodology, the authors have created a new method based on combining the BITS and FRAP methods. The advantage of this method is its ability to accelerate the risk analysis, especially the identification and asset evaluation phases. Another advantage is that the method produces simple spreadsheet tables, providing the consumer with a tool that is easily editable and may be used for follow‐up procedures.

Practical implications

The risk analysis method produces benefits for SMEs by speeding up the risk analysis and lowering its cost. Another benefit is that the method is open‐source and can potentially be further modified.

Originality/value

The paper presents in detail an approach to risk analysis based on the modification of the FRAP methodology and the BITS recommendation.

Details

Information Management & Computer Security, vol. 19 no. 1
Type: Research Article
ISSN: 0968-5227

Article
Publication date: 12 March 2018

Andrew Stewart

Abstract

Purpose

An action is utilitarian when it is both useful and practical. This paper aims to examine a number of traditional information security management practices to ascertain their utility. That analysis is performed according to the particular set of challenges and requirements experienced by very large organizations. Examples of such organizations include multinational corporations, the governments of large nations and global investment banks.

Design/methodology/approach

The author performs a gap analysis of a number of security management practices. The examination is focused on the question of whether these practices are both useful and practical when used within very large organizations.

Findings

The author identifies a number of information security management practices that are considered to be “best practice” in the general case but that are suboptimal at the margin represented by very large organizations. A number of alternative management practices are proposed that compensate for the identified weaknesses.

Originality/value

Quoting from the conclusion of the paper: We have seen in our analysis within this paper that some best practices can experience what economists refer to as diminishing marginal utility. As the target organization drifts from the typical use-case the amount of value-added declines and can potentially enter negative territory. We have also examined the degree of innovation in the practice of security management and the extent to which the literature can support practical, real-world activities. In both the areas, we have identified a number of opportunities to perform further work.

Details

Information & Computer Security, vol. 26 no. 1
Type: Research Article
ISSN: 2056-4961
