Show simple item record

AuthorAL-Dosari, Khalifa
AuthorFetais, Noora
Available date2024-03-10T05:42:09Z
Publication Date2023
Publication NameElectronics (Switzerland)
ResourceScopus
ISSN20799292
URIhttp://dx.doi.org/10.3390/electronics12173629
URIhttp://hdl.handle.net/10576/52817
AbstractInformation-technology (IT) security standards are regularly updated in a rapidly changing technological world to maintain pace with advanced technologies. This study was motivated by the realization that established IT risk-management frameworks might provide an adequate defence for small- and medium-sized enterprises (SMEs), especially those actively adopting new technologies. We reviewed that a dynamic IT risk-management framework, updated to reflect emerging technological changes, would offer improved security and privacy for SMEs. To evaluate this, we conducted a systematic literature review spanning 2016 to 2021, focusing on IT risk-management research in various application areas. This study revealed that, while established frameworks like NIST have their benefits, they need to be better suited to the unique needs of SMEs due to their high degree of abstractness, vague guidelines, and lack of adaptability to technological advancements. The findings suggest a pressing need to evolve IT risk-management frameworks, particularly by incorporating advanced methods such as system dynamics, machine learning, and technoeconomic and sociotechnological models. These innovative approaches provide a more dynamic, responsive, and holistic approach to risk management, thereby significantly improving the IT security of SMEs. The study's implications underscore the urgency of developing flexible, dynamic, and technology-informed IT risk-management strategies, offering novel insights into a more practical approach to IT risk management.
SponsorFor now, this research has received no external funding. However, it may be funded by the QNLP.
Languageen
PublisherMultidisciplinary Digital Publishing Institute (MDPI)
Subjectcybersecurity
information security
risk assessment
risk management
TitleRisk-Management Framework and Information-Security Systems for Small and Medium Enterprises (SMEs): A Meta-Analysis Approach
TypeArticle
Issue Number17
Volume Number12
dc.accessType Open Access


Files in this item

Thumbnail

This item appears in the following Collection(s)

Show simple item record