Information security risk in SMEs: A hybrid model compatible with IFRS: Evaluation in two Ecuadorian SMEs of automotive sector


Abstract:

The study develops a hybrid model for the Assessment and Reduction of Information Security Risk in SMEs. The Design, which proposes generalization mechanisms, combines the benefits of quantitative and qualitative methods: ISO 27005, OCTAVE-S and MAGERIT contribute qualitative techniques; IFRS supports a quantitative technique to estimate the impact on assets subject to risk. The Evaluation is done by applying the model in two Ecuadorian SMEs of the automotive sector. The case study allows concluding that the model requires a reasonable effort and involves business executives and operational staff with no great ICT specialization; in addition, it shows the model's technical and operational applicability. Thus, the work provides a practical, formally developed tool, built according to the DSR approach and using complementary methods. The solution includes components not explicitly integrated in the technical literature, and a proposal to promote generalizing its validity.

Year of publication:

2016

Keywords:

  • MAGERIT
  • information security risk
  • ISO 27005
  • IFRS
  • OCTAVE-S
  • SME

Source:

Scopus

Document type:

Conference Object

Status:

Restricted access

Knowledge areas:

  • Risk management

Subject areas:

  • General management
  • Private law