Managing Security and its Maturity in Small and Medium-sized Enterprises

  title={Managing Security and its Maturity in Small and Medium-sized Enterprises},
  author={Lu{\'i}s Enrique Sanchez and Antonio Santos-Olmo Parra and David G. Rosado and Mario G. Piattini},
  journal={J. Univers. Comput. Sci.},
Due to the growing dependence of information society on Information and Communication Technologies, the need to protect information is getting more and more important for enterprises. In this context, Information Security Management Systems (ISMSs), have arisen for supporting the processes and systems for effectively managing information security. The fact of having these systems available has become more and more vital for the evolution of Small and Medium-Sized Enterprises (SMEs), but however… 

Figures from this paper

Security Culture in Small and Medium-Size Enterprise

The importance of the security culture for SMEs is presented, along with the proposal to introduce this concept into SMEs in a progressive and sustainable manner.

Building ISMS through the Reuse of Knowledge

This paper shows the strategy that is designed for the management and reuse of security information in the information system security management process, set within the framework of a methodology that is currently being applied in real cases, and is thus constantly improving.

The Importance of the Security Culture in SMEs as Regards the Correct Management of the Security of Their Assets

How important the security culture within ISMSs is for SMEs is shown, and how the concept of security culture has been introduced into a security management methodology (MARISMA is a Methodology for “Information Security Management System in SMEs” developed by the Sicaman Nuevas Tecnologias Company, Research Group GSyA and Alarcos of the University of Castilla-La Mancha).

Towards an Empirical Examination of IT Security Infrastructures in SME

A research model describing the dependencies between security threats, requirements, and the related framework components is presented and it also accounts for the adoption of security solutions in SME and the impact of human and technical factors.

Applying the Action-Research Method to Develop a Methodology to Reduce the Installation and Maintenance Times of Information Security Management Systems

The different cycles carried out using the ‘Action Research (AR)’ method have allowed the development of a security management methodology for SMEs that is able to automate processes and reduce the implementation time of the ISMS.

IASME: Information Security Management Evolution for SMEs

An innovative development in the UK for addressing the information assurance needs of smaller organisations is discussed, and perceptions about the security of national information infrastructures are shared, and concerns that SMEs do not get the priority that their position in the supply chain would suggest they should have are shared.

Methodology for Dynamic Analysis and Risk Management on ISO27001

A new methodology, called MARISMA, is presented, aimed at carrying out a risk analysis simplified and dynamic, which is valid for all companies, including SMEs, and to provide solutions to the problems identified during the application of the scientific method "Action Research".

An Overview of Current Information Systems Security Challenges and Innovations

Information Systems Security is one of the most pressing challenges confronting all kinds of present-day organizations as the so-called information society is increasingly dependent on a wide range of software systems whose mission is critical.

Information Systems Threats and Vulnerabilities

Security of Information Systems is a major concern these days in all spheres of Financial, government, private sectors, hence ensuring stability and security of these information system is of paramount importance to these businesses.

Information Assurance and SMEs: Research Findings to inform the development of the IASME model

This paper reviews the research findings of the University of Worcester on SMEs in 2009 and looks at other recent academic and corporate research on SME data security in the EU and the rest of the

Formal Information Security Standards in German Medium Enterprises

This paper deals with the acceptance of formal standards among medium enterprises and analyzes their suitability with respect to company size and discusses typical challenges to their implementation.

Information systems security issues and decisions for small businesses: An empirical examination

The results of this study indicate that the small business owners may have procedures and policies in place and may use technologies to counteract the security threat, but this research raised doubts about their effectiveness.

Information security management standards: Compliance, governance and risk management

Exploring the Suitability of IS Security Management Standards for SMEs

  • Yves BarletteV. Fomin
  • Computer Science
    Proceedings of the 41st Annual Hawaii International Conference on System Sciences (HICSS 2008)
  • 2008
It is suggested, among other, that the legislative environment can play a crucial role for further growth of security standards adoption.

Aligning the information security policy with the strategic information systems plan

Security Engineering with Patterns

  • M. Schumacher
  • Computer Science
    Lecture Notes in Computer Science
  • 2003
It is shown that recent security approaches are not sufficient and described how Security Patterns contribute to the overall process of security engineering, and a Security Pattern System provides linkage between Security Patterns.

Information security management: a new paradigm

An ISMS addresses all aspects in an organisation that deals with creating and maintaining a secure information environment and can help with the assessment of the trustworthiness of an organisation's information security arrangements by other organisations.

Paradigm of information security as interdisciplinary comprehensive science

  • S. Tsujii
  • Computer Science
    2004 International Conference on Cyberworlds
  • 2004
This paper considers the paradigm of information security as an interdisciplinary comprehensive science and the way to develop human resources, both of which are required to establish information security.

Leveraging global resources: a process maturity framework for managing distributed development

This work identifies 24 new KPAs that address the wide-ranging capabilities needed for managing distributed software development and arrange them in an evolutionary order similar to the CMM framework to help firms systematically assess their situations and plan for improvements.