The pervasive use of information technology in enterprises of every size and the emergence of widely deployed ubiquitous networking technologies have brought with them a widening need for security. Information system security policy development must begin with a thorough analysis of sensitivity and criticality. Risk analysis methodologies, like CRAMM, provide the ability to analyse and manage the associated risks. By performing a risk analysis on a typical small enterprise and a home‐office set‐up the article identifies the risks associated with availability, confidentiality, and integrity requirements. Although both environments share weaknesses and security requirements with larger enterprises, the risk management approaches required are different in nature and scale. Their implementation requires co‐operation between end users, network service providers, and software vendors.
Spinellis, D., Kokolakis, S. and Gritzalis, S. (1999), "Security requirements, risks and recommendations for small enterprise and home‐office environments", Information Management & Computer Security, Vol. 7 No. 3, pp. 121-128. https://doi.org/10.1108/09685229910371071
MCB UP Ltd
Copyright © 1999, MCB UP Limited