{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,26]],"date-time":"2025-10-26T14:24:13Z","timestamp":1761488653918,"version":"3.41.2"},"reference-count":23,"publisher":"Emerald","issue":"1","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2011,3,22]]},"abstract":"<jats:sec>\n                  <jats:title>Purpose<\/jats:title>\n                  <jats:p>The aim of this paper is to present risk analysis procedures which have been successfully applied by Czech small and medium enterprises (SMEs). The methodology, which is based on the modification and combination of two standard methods, aims to accelerate (and make more affordable) the risk analysis process, as compared to other risk analysis methods used for public organizations and major corporations in the Czech Republic.<\/jats:p>\n               <\/jats:sec>\n               <jats:sec>\n                  <jats:title>Design\/methodology\/approach<\/jats:title>\n                  <jats:p>The paper presents in detail the individual steps the authors used in risk analysis of SMEs in the Czech Republic. The method is based on the facilitated risk analysis process (FRAP) methodology and the BITS recommendation. Modifications of both methodologies are described in detail.<\/jats:p>\n               <\/jats:sec>\n               <jats:sec>\n                  <jats:title>Findings<\/jats:title>\n                  <jats:p>To perform risk analysis in the SME sector in the Czech Republic, it is necessary to have a broad portfolio of instruments. Besides using the CRAMM methodology, the authors have created a new method based on combining the BITS and FRAP methods. The advantage of this method is its ability to accelerate the risk analysis, especially the identification and asset evaluation phases. Another advantage is that the method produces simple spreadsheet tables, providing the consumer with a tool that is easily editable and may be used for follow-up procedures.<\/jats:p>\n               <\/jats:sec>\n               <jats:sec>\n                  <jats:title>Practical implications<\/jats:title>\n                  <jats:p>The risk analysis method produces benefits for SMEs by speeding up the risk analysis and lowering its cost. Another benefit is that the method is open-source and can potentially be further modified.<\/jats:p>\n               <\/jats:sec>\n               <jats:sec>\n                  <jats:title>Originality\/value<\/jats:title>\n                  <jats:p>The paper presents in detail an approach to risk analysis based on the modification of the FRAP methodology and the BITS recommendation.<\/jats:p>\n               <\/jats:sec>","DOI":"10.1108\/09685221111115854","type":"journal-article","created":{"date-parts":[[2011,3,19]],"date-time":"2011-03-19T08:07:02Z","timestamp":1300522022000},"page":"42-52","source":"Crossref","is-referenced-by-count":6,"title":["Risk analysis methodology used by several small and medium enterprises in the Czech Republic"],"prefix":"10.1108","volume":"19","author":[{"given":"Ladislav","family":"Beranek","sequence":"first","affiliation":[{"name":"Department of Applied Mathematics and Informatics, Faculty of Economics, University of South Bohemia in Ceske Budejovice, Ceske Budejovice, Czech Republic"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"140","reference":[{"key":"2025072819470221600_b1","unstructured":"BITS\n           (2010), The Financial Services Roundtable, BITS publication, Washington, DC, available at: www.bits.org\/p_publications.html (accessed March 15, 2010)."},{"key":"2025072819470221600_b5","unstructured":"CRAMM\n           (2010), \u201cThe total information security toolkit\u201d, available at: www.cramm.com\/ (accessed March 15, 2010)."},{"key":"2025072819470221600_b2","unstructured":"Dimopoulos, V.\n          , Furnell, S. and Barlow, I. (2003), \u201cConsidering IT risk analysis in small and medium enterprises\u201d, Proceedings of the 1st Australian Information Security Management Conference, Perth, Australia, Paper 2, November 1-7, 2003, available at: http:\/\/scissec.scis.ecu.edu.au\/proceedings\/2003\/infosec\/pdf\/02_final.pdf (accessed March 15, 2010)."},{"key":"2025072819470221600_b3","unstructured":"Dimopoulos, V.\n          , Furnell, S., Barlow, I. and Lines, B. (2004a), \u201cFactors affecting the adoption of IT risk analysis\u201d, Proceedings of 3rd European Conference on Information Warfare and Security, Royal Holloway, University of London, Egham, UK, June 28-29."},{"key":"2025072819470221600_b4","unstructured":"Dimopoulos, V.\n          , Furnell, S., Jennex, M. and Kritharas, I. (2004b), \u201cApproaches to IT security in small and medium enterprises\u201d, Proceedings of 2nd Australian Information Security Management Conference, School of Computer and Information Science, Edith Cowan University, Perth, Australia, November 26."},{"key":"2025072819470221600_b7","unstructured":"ENISA\n           (2010), \u201cComparison of risk management methods and tools\u201d, available at: http:\/\/rm-inv.enisa.europa.eu\/comparison.html?menu1=&menu2=&Button=+\u2009Go+ (accessed June 20, 2010)."},{"issue":"1","key":"2025072819470221600_b6","doi-asserted-by":"crossref","first-page":"16","DOI":"10.1016\/j.cose.2004.11.002","article-title":"Information management of risk in the information age","volume":"24","author":"Gerber","year":"2005","journal-title":"Computers & Security"},{"key":"2025072819470221600_b8","unstructured":"InfoSecAlways.com\n           (2007), \u201cSecurity threat statistics \u2013 resources\u201d, InfoSecAlways.com, available at: http:\/\/infosecalways.com\/2007\/07\/12\/security-threat-statistics-resources\/ (accessed March 15, 2010)."},{"issue":"4","key":"2025072819470221600_b9","doi-asserted-by":"crossref","first-page":"20","DOI":"10.1108\/09685229610130503","article-title":"Factors in the selection of a risk assessment method","volume":"4","author":"Lichtenstein","year":"1996","journal-title":"Information Management & Computer Security"},{"issue":"3","key":"2025072819470221600_b10","doi-asserted-by":"crossref","first-page":"57","DOI":"10.1109\/MITP.2009.62","article-title":"Understanding insecure IT: practical risk assessment","volume":"11","author":"Liu","year":"2009","journal-title":"IT Professional"},{"key":"2025072819470221600_b11","unstructured":"MEHARI\n           (2010), \u201cInformation security risk and compliance management system\u201d, available at: www.mehari-risk.com (accessed March 15, 2010)."},{"issue":"2","key":"2025072819470221600_b12","doi-asserted-by":"crossref","first-page":"187","DOI":"10.1108\/09685220810879645","article-title":"Management versus security specialists: an empirical study on security related perceptions","volume":"16","author":"Mouratidis","year":"2008","journal-title":"Information Management & Computer Security"},{"key":"2025072819470221600_b13","doi-asserted-by":"crossref","unstructured":"Norman, T.L.\n           (2009), Risk Analysis and Security Countermeasure Selection, CRC Press, Boca Raton, FL.","DOI":"10.1201\/9781420078718"},{"key":"2025072819470221600_b14","unstructured":"OCTAVE-S\n           (2010), OCTAVE-S, available at: www.cert.org\/octave\/octaves.html (accessed March 15, 2010)."},{"key":"2025072819470221600_b15","doi-asserted-by":"crossref","unstructured":"OSA\n           (2010), \u201cOpen Security Architecture threat catalogue overview\u201d, available at: www.opensecurityarchitecture.org\/cms\/library\/threat_catalogue (accessed June 20, 2010).","DOI":"10.1016\/S1353-4858(10)70118-5"},{"key":"2025072819470221600_b16","doi-asserted-by":"crossref","unstructured":"Peltier, T.R.\n           (2005a), Information Security Risk Analysis, Taylor & Francis, New York, NY.","DOI":"10.1201\/9781420031195"},{"issue":"1","key":"2025072819470221600_b17","doi-asserted-by":"crossref","first-page":"49","DOI":"10.1109\/EMR.2005.25176","article-title":"Risk analysis and risk management","volume":"33","author":"Peltier","year":"2005","journal-title":"IEEE Engineering Management Review"},{"key":"2025072819470221600_b18","doi-asserted-by":"crossref","unstructured":"Peltier, T.R.\n           (2008), How to Complete a Risk Assessment in 5 Days or Less, Auerbach, London.","DOI":"10.1201\/9781420062762"},{"key":"2025072819470221600_b19","unstructured":"PSIB \u010cR '09\n           (2010), Ernst & Young, NB\u00da, DSM \u2013 Data Security Management, TATE International, Prague, available at: www.dms.tate.cz\/cz\/psib-cr-2009\/ (accessed June 20, 2010)."},{"key":"2025072819470221600_b20","unstructured":"Rot, A.\n           (2009), \u201cEnterprise information technology security: risk management perspective\u201d, Proceedings of the WCECS 2009, San Francisco, CA, USA, October, Vol. II, pp. 1171-6, available at: www.iaeng.org\/publication\/WCECS2009\/WCECS2009_pp1171-1176.pdf (accessed April 15, 2010)."},{"key":"2025072819470221600_b21","unstructured":"Sophos\n           (2010), Security Threat Report, available at: http:\/\/i.zdnet.com\/blogs\/sophos-security-threat-report-jan-2010-wpna.pdf (accessed March 15, 2010)."},{"issue":"4","key":"2025072819470221600_b22","doi-asserted-by":"crossref","first-page":"7","DOI":"10.1016\/S1353-4858(05)70222-1","article-title":"A contemporary approach to network vulnerability assessment","volume":"2005","author":"Stewart","year":"2005","journal-title":"Network Security"},{"issue":"1","key":"2025072819470221600_b23","doi-asserted-by":"crossref","first-page":"91","DOI":"10.1108\/09685220410518856","article-title":"From risk analysis to effective security management: towards an automated approach","volume":"12","author":"Tsoumas","year":"2004","journal-title":"Information Management & Computer Security"}],"container-title":["Information Management &amp; Computer Security"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/www.emeraldinsight.com\/doi\/full-xml\/10.1108\/09685221111115854","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/09685221111115854\/full\/xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/ics\/article-pdf\/19\/1\/42\/1215900\/09685221111115854.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/www.emerald.com\/ics\/article-pdf\/19\/1\/42\/1215900\/09685221111115854.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,28]],"date-time":"2025-07-28T23:47:11Z","timestamp":1753746431000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.emerald.com\/ics\/article\/19\/1\/42\/178560\/Risk-analysis-methodology-used-by-several-small"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2011,3,22]]},"references-count":23,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2011,3,22]]}},"URL":"https:\/\/doi.org\/10.1108\/09685221111115854","relation":{},"ISSN":["0968-5227","1758-5805"],"issn-type":[{"type":"print","value":"0968-5227"},{"type":"electronic","value":"1758-5805"}],"subject":[],"published":{"date-parts":[[2011,3,22]]}}}