Risk-Management Framework and Information-Security Systems for Small and Medium Enterprises (SMEs): A Meta-Analysis Approach
Author | AL-Dosari, Khalifa |
Author | Fetais, Noora |
Available date | 2024-03-10T05:42:09Z |
Publication Date | 2023 |
Publication Name | Electronics (Switzerland) |
Resource | Scopus |
ISSN | 20799292 |
Abstract | Information-technology (IT) security standards are regularly updated in a rapidly changing technological world to maintain pace with advanced technologies. This study was motivated by the realization that established IT risk-management frameworks might provide an adequate defence for small- and medium-sized enterprises (SMEs), especially those actively adopting new technologies. We reviewed that a dynamic IT risk-management framework, updated to reflect emerging technological changes, would offer improved security and privacy for SMEs. To evaluate this, we conducted a systematic literature review spanning 2016 to 2021, focusing on IT risk-management research in various application areas. This study revealed that, while established frameworks like NIST have their benefits, they need to be better suited to the unique needs of SMEs due to their high degree of abstractness, vague guidelines, and lack of adaptability to technological advancements. The findings suggest a pressing need to evolve IT risk-management frameworks, particularly by incorporating advanced methods such as system dynamics, machine learning, and technoeconomic and sociotechnological models. These innovative approaches provide a more dynamic, responsive, and holistic approach to risk management, thereby significantly improving the IT security of SMEs. The study's implications underscore the urgency of developing flexible, dynamic, and technology-informed IT risk-management strategies, offering novel insights into a more practical approach to IT risk management. |
Sponsor | For now, this research has received no external funding. However, it may be funded by the QNLP. |
Language | en |
Publisher | Multidisciplinary Digital Publishing Institute (MDPI) |
Subject | cybersecurity information security risk assessment risk management |
Type | Article |
Issue Number | 17 |
Volume Number | 12 |
Files in this item
This item appears in the following Collection(s)
-
Computer Science & Engineering [2402 items ]