Managing Security and its Maturity in Small and Medium-sized Enterprises

Luis Sánchez; Antonio Parra; David G. Rosado; Mario Piattini

doi:10.3217/jucs-015-15-3038

JUCS - Journal of Universal Computer Science 15(15): 3038-3058, doi: 10.3217/jucs-015-15-3038

Managing Security and its Maturity in Small and Medium-sized Enterprises

Luis Enrique Sánchez^‡, Antonio Santos-Olmo Parra^§, David G. Rosado, Mario Piattini^|

‡ SICAMAN NT., Ciudad Real, Spain§ SICAMAN NT, Ciudad Real, Spain| University of Castilla-La Mancha (UCLM), Ciudad Real, Spain

Corresponding author: Luis Sánchez ( lesanchez@sicaman-nt.com )

This article is freely available under the J.UCS Open Content License.

Citation: Sánchez LE, Parra AS-O, Rosado DG, Piattini M (2009) Managing Security and its Maturity in Small and Medium-sized Enterprises. JUCS - Journal of Universal Computer Science 15(15): 3038-3058. https://doi.org/10.3217/jucs-015-15-3038

Abstract

Due to the growing dependence of information society on Information and Communication Technologies, the need to protect information is getting more and more important for enterprises. In this context, Information Security Management Systems (ISMSs), have arisen for supporting the processes and systems for effectively managing information security. The fact of having these systems available has become more and more vital for the evolution of Small and Medium-Sized Enterprises (SMEs), but however, this type of enterprises have special characteristics which make it difficult for them the correct deployment of ISMSs. In this article, we show the methodology that we have created for the development, implementation and maintenance of ISMSs, adapted for the needs and resources available for SMEs. This approach is being directly applied to real case studies and thus, we are obtaining a constant improvement in its application.

Keywords

ISMS, SME, security system