Mon, 18. Sep. 2017 Helge Schmermbeck
Vacant master thesis: Improving IT risk management in German SMEs
The recent global malware attacks (Locky, WannaCry, NotPetya, ...) have reinforced the importance of adequate IT risk and IT security management in enterprises across all industries. Small and medium enterprises (SMEs) are particularly vulnerable to such attacks, as well as to other common IT risks, due to their scarce resources for IT management tasks that do not contribute directly to the day-to-day business operations.
In order to improve the IT risk and security management effectiveness in SMEs, a previous master thesis - winner of the ISACA Thesis Award 2016 - developed a proposal for an uncomplicated and accessible IT risk management framework tailored to the SME context. While the framework itself was evaluated positively, the framework's evaluation also highlighted a number of potential barriers in the way of its easy adoption - although it only considered two SMEs in the healthcare sector.
- The goal of a new master thesis in this respect is to deepen our understanding of the potential barriers to the adoption of an uncomplicated and accessible IT risk management framework in SMEs in the healthcare sector and beyond. This will be achieved by
- developing the existing framework evaluation approach further,
- systematically identifying ('sampling') a good number of suitable organizations to examine,
- conducting a number of interviews with representatives from the previously identified organizations, and
- systematically and rigorously analyzing the resulting data to provide well-grounded recommendations on how to further develop the IT risk management framework for SMEs to facilitate its adoption in SMEs across all industries.
Please apply for this excellent opportunity and interesting master thesis as soon as possible.
Note: This master thesis is offered as part of a research project in collaboration with Dr. Andreas Drechsler, Victoria University of Wellington, New Zealand, who will also play an active role in the supervision process.