A comprehensive people, process and technology (PPT) application model for Information Systems (IS) risk management in small/medium enterprises (SME)

With advent of modern era. Information Technology (IT) has turned out to be very critical in operations, management and growth of an enterprise. Now, Information Systems (IS) are shaping the existing corporate strategies and creating new avenues for all size enterprises. At the same time, they are subject to numerous threats. Previously, executive management of enterprises didn't involve themselves in the information technology affairs and used to leave these threats to the operational management. However, increased dependencies of businesses on information systems have changed these dimensions, as these unmanaged threats results into a number of business risks which can even threaten business existence. In order to deal with these risks, a number of risk management standards have been developed but most of them focus on large organizations, who have well-structured business processes and some IT risk management expertise is already there. Secondly, either these standards are specific to some particular business domain or provide generic guidelines at strategic level with missing operational level details, which needs to be integrated and customized before its application to a particular enterprise business processes and environment. Therefore, IT risk management in small and medium enterprises is still a challenge. In case of small or medium size enterprises, application of these standards is difficult, primarily due to lack of budget and expertise. Furthermore, selection of appropriate standard among wide spectrum of risk management standards, remains a weak link. Therefore the main question analyzed in this research paper is: How to Apply Risk Management in information systems at operational level and integration of various risk management frameworks within enterprise context? In order to answer these questions, widely accepted risk management frameworks and tools have been analyzed, challenges have been identified and solution is proposed by developing a risk management application model with the aim that it can even be used by small enterprises.