Applying the Australian and New Zealand Risk Management Standard to Information Systems in SMES

  • Davidson R
  • Lambert S
  • Lambert S
N/ACitations
Citations of this article
11Readers
Mendeley users who have this article in their library.

Abstract

This paper advocates the use of the Australia/New Zealand Risk Management Standard (SA/SNZ, 1999) in conjunction with of a modified version of Birch and McEvoy’s (1992) Structured Risk Analysis for Information Systems (SRA-IS) to identify information systems security risks in SMEs. The use of Internet based commerce by SMEs exposes them to information systems security risks that they are ill equipped to recognise let alone mitigate. Unlike the identification of some business risks, identification of risks associated with information systems requires certain technical expertise. The structure of the existing information system must be understood and modelled before risks can be identified and it is acknowledged that the required technical expertise may not be present in SMEs, thus the involvement of information systems consultants may be necessary. Once the information system has been modelled little information systems expertise is required to complete the analysis, keeping consultant involvement to a minimum and maximising owner/manager involvement. INTRODUCTION

Cite

CITATION STYLE

APA

Davidson, R., Lambert, S., & Lambert, S. (2004). Applying the Australian and New Zealand Risk Management Standard to Information Systems in SMES. Australasian Journal of Information Systems, 12(1). https://doi.org/10.3127/ajis.v12i1.101

Register to see more suggestions

Mendeley helps you to discover research relevant for your work.

Already have an account?

Save time finding and organizing research with Mendeley

Sign up for free