This paper proposes a new risk management framework tailored for IT-centric micro and small companies based on the analysis of the best practices in risk management concepts, specifically the risk management frameworks. The proposed framework for risk management is a synergy of various elements from the existing frameworks, tailored to the specifics of the IT-centric micro and small companies and deals with the identified challenges for the implementation of risk management frameworks. The framework focuses on 4 elements: people, policy, methodology and process, and tools.
risk management methodology, risk management framework, ISO31000, ISO27005, enterprise risk management, IT-centric micro and small companies
© Association for Information and Communication Technologies www.ict-act.org Developed by tdelev