Reflections on Data-Driven Risk Valuation Models for MSMEs Based on Field Research

  • Conference paper
ICT Innovations 2017

Part of the book series: Communications in Computer and Information Science (CCIS, volume 778)

  • 1142 Accesses

Abstract

There are many approaches to risk management, and practice shows that they are not suitable for IT-centric Micro, Small and Medium Enterprises (MSMEs), being targeted more at large and complex organizations. At the same time, the existing approaches, taken in isolation, are each aimed at a particular type of risk and do not take into account that MSMEs need a more integrated approach and are constrained in time, resources and availability of data. Based on field research of over 150 organizations, the initially proposed risk management framework was revised, generally in the areas of risk scope, duration, risk management team and risk valuation model. Various risk models were reviewed for appropriateness. The development of IT and its use in organizations favours data-driven models, but the limited resources of MSMEs and their limited understanding of complex data-driven models restrict the use of such models. The field research showed that MSMEs prefer a hybrid method for assessing risks, as they could not sustain a fully quantitative approach and as managers feel more confident with qualitative estimates.

Correspondence to Jasmina Trajkovski.

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Trajkovski, J., Antovski, L. (2017). Reflections on Data-Driven Risk Valuation Models for MSMEs Based on Field Research. In: Trajanov, D., Bakeva, V. (eds) ICT Innovations 2017. ICT Innovations 2017. Communications in Computer and Information Science, vol 778. Springer, Cham. https://doi.org/10.1007/978-3-319-67597-8_24

  • DOI: https://doi.org/10.1007/978-3-319-67597-8_24

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-67596-1

  • Online ISBN: 978-3-319-67597-8

  • eBook Packages: Computer Science (R0)
