TY - GEN
T1 - A comprehensive people, process and technology (PPT) application model for Information Systems (IS) risk management in small/medium enterprises (SME)
AU - Javaid, Muhammad Imran
AU - Iqbal, Mian Muhammad Waseem
N1 - Publisher Copyright:
© 2017 IEEE.
PY - 2017/10/11
Y1 - 2017/10/11
AB - With the advent of the modern era, Information Technology (IT) has become critical to the operations, management and growth of an enterprise. Information Systems (IS) now shape existing corporate strategies and create new avenues for enterprises of all sizes. At the same time, they are subject to numerous threats. Previously, the executive management of enterprises did not involve itself in information technology affairs and left these threats to operational management. However, the increased dependence of businesses on information systems has changed this, as unmanaged threats result in a number of business risks that can even threaten the existence of the business. To deal with these risks, a number of risk management standards have been developed, but most of them focus on large organizations that have well-structured business processes and already possess some IT risk management expertise. Moreover, these standards are either specific to a particular business domain or provide generic guidelines at the strategic level without operational-level details, so they need to be integrated and customized before they can be applied to a particular enterprise's business processes and environment. Therefore, IT risk management in small and medium enterprises is still a challenge. For small or medium-sized enterprises, applying these standards is difficult, primarily due to a lack of budget and expertise. Furthermore, selecting an appropriate standard from the wide spectrum of risk management standards remains a weak link. The main question analyzed in this research paper is therefore: how can risk management be applied to information systems at the operational level, and how can various risk management frameworks be integrated within the enterprise context?
To answer these questions, widely accepted risk management frameworks and tools have been analyzed, challenges have been identified, and a solution is proposed in the form of a risk management application model, with the aim that it can be used even by small enterprises.
KW - Application Model for Risk Management in SME
KW - Risk Assessment
KW - Risk Management in Information Systems
KW - Risk Management
KW - SME
UR - http://www.scopus.com/inward/record.url?scp=85034780810&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85034780810&partnerID=8YFLogxK
U2 - 10.1109/COMTECH.2017.8065754
DO - 10.1109/COMTECH.2017.8065754
M3 - Conference contribution
AN - SCOPUS:85034780810
T3 - International Conference on Communication Technologies, ComTech 2017
SP - 78
EP - 90
BT - International Conference on Communication Technologies, ComTech 2017
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 2017 International Conference on Communication Technologies, ComTech 2017
Y2 - 19 April 2017 through 21 April 2017
ER -