Abstract
There are many approaches to risk management, but practice shows that they are targeted at large and complex organizations and are not suitable for IT-centric Micro, Small and Medium Enterprises (MSMEs). At the same time, each existing approach taken in isolation is aimed at a particular type of risk and does not take into account that MSMEs need a more integrated approach and face constraints on time, resources and the availability of data. Based on field research covering over 150 organizations, the initially proposed risk management framework was revised, generally in the areas of risk scope, duration, risk management team and risk valuation model. Various risk models were reviewed for appropriateness. The development of IT and its use in organizations favours data-driven models, but MSMEs' limited resources and limited understanding of complex data-driven models restrict their use. The field research showed that MSMEs prefer a hybrid method for assessing risks, as they could not sustain a fully quantitative approach and as managers feel more confident with qualitative estimates.
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Trajkovski, J., Antovski, L. (2017). Reflections on Data-Driven Risk Valuation Models for MSMEs Based on Field Research. In: Trajanov, D., Bakeva, V. (eds) ICT Innovations 2017. ICT Innovations 2017. Communications in Computer and Information Science, vol 778. Springer, Cham. https://doi.org/10.1007/978-3-319-67597-8_24
DOI: https://doi.org/10.1007/978-3-319-67597-8_24
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-67596-1
Online ISBN: 978-3-319-67597-8
eBook Packages: Computer Science (R0)