In addition to the above-mentioned objectives, some considerations and assumptions have been made in developing the risk & security assessment approach it presents:

  • In many cases the SME may be unfamiliar with computer security and consequently may benefit from access to awareness, training and guidance material.
  • The establishment of a security guidance framework through SME trade bodies and associations will help promote understanding of security issues by those with little background in information security.
  • Policies and frameworks for information security planning and disaster recovery are usually non-existent. Moreover, a basic understanding of information security risk in SMEs does not extend much beyond viruses and anti-virus software.
  • Most SME business managers barely understand highly technical and complex scientific terminology related to information security.
  • Inadvertent threats pose some of the highest information security risk to SMEs and yet personnel training and awareness programmes are often neglected. Even if the staff of SMEs has special knowledge of information systems, they might not possess special know-how on IT security matters. An aggravating factor is that companies generally cannot afford to invest enough resources in risk & security management.

Our next installment – IT Risk & Security: The Five Phase Approach
