A Systematic Review of Methodologies and Models for the Analysis and Management of Associative and Hierarchical Risk in SMEs

Antonio Santos-Olmo, Luis Enrique Sánchez, Eduardo Fernández-Medina, Mario Piattini

2012

Abstract

As a result of the growing dependence of the information society on ICTs, the need to know the risks that can affect information is increasing enormously with the purpose of protecting it. This article shows advances in the identification and management of risks in ICTs, particularly in the case of SMEs, along with the first proposal of a methodology for the management and analysis of associative risk in SMEs, taking into account not only internal risks derived from the SMEs themselves but also external risks derived from other enterprises in the same sector or collaborating with them. Thus, we will obtain a high-quality risk analysis at low cost using advanced concepts such as “associative algorithms” and “enterprise social networks”. In the era of globalization, SMEs no longer work as independent companies but share more and more services, even facilities, with other companies. Therefore, we cannot obtain an adequate risk analysis without considering the risks associated with these collaborations. In this article we present the results of a systematic review of methodologies and models for the analysis and management of associative and hierarchical risk in SMEs.


Paper Citation


in Harvard Style

Santos-Olmo A., Sánchez L., Fernández-Medina E. and Piattini M. (2012). A Systematic Review of Methodologies and Models for the Analysis and Management of Associative and Hierarchical Risk in SMEs. In Proceedings of the 9th International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2012) ISBN 978-989-8565-15-0, pages 117-124. DOI: 10.5220/0004102601170124


in Bibtex Style

@conference{wosis12,
author={Antonio Santos-Olmo and Luis Enrique Sánchez and Eduardo Fernández-Medina and Mario Piattini},
title={A Systematic Review of Methodologies and Models for the Analysis and Management of Associative and Hierarchical Risk in SMEs},
booktitle={Proceedings of the 9th International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2012)},
year={2012},
pages={117-124},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0004102601170124},
isbn={978-989-8565-15-0},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 9th International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2012)
TI - A Systematic Review of Methodologies and Models for the Analysis and Management of Associative and Hierarchical Risk in SMEs
SN - 978-989-8565-15-0
AU - Santos-Olmo A.
AU - Sánchez L.
AU - Fernández-Medina E.
AU - Piattini M.
PY - 2012
SP - 117
EP - 124
DO - 10.5220/0004102601170124