Development of a risk assessment model for IT risk self-assessment expert system for SMEs
Abstract
The need for a unified Information Technology (IT) risk management methodology is constantly growing due to the increased usage of IT in almost every possible situation. While being a relatively new topic, risk assessment lacks scientific background and unified system to measure the level of risk and compare it to the reference data. While this process requires expertise, results may vary depending on the chosen methodology and the personal experience of the evaluator. Creating a unified risk assessment model is now an initiative supported by governmental bodies worldwide. A risk assessment model for the IT assets that is to be implemented in an expert system is proposed in this paper as well as primary test results of this system are provided.