This resource is no longer available


Information security for SMEs

A structured approach can help small organisations formulate an information security management system

by Vadim Gordas, MSc (RHUL) and Geraint Price, ISG, Royal Holloway

A special category of organisation that requires protection of business information is small and medium enterprises (SMEs). Due to resource restrictions and insufficient maturity of IT knowledge, they face significant difficulties in setting up an effective and efficient information security control environment.

The problem is aggravated by the fact that most of the available security standards and guidance were not built with sufficient usability in mind, or tailored to an SME’s level of expertise. The situation is made worse because most SMEs neglect to implement even basic information security controls, owing to a false perception that information threats target only big corporations.

But the risk profiles for SMEs and large enterprises do not differ substantially. Both types of organisation use technology extensively and both would face serious consequences in the event of a data breach.

In this article, we propose a simplified implementation approach for an information security management system (ISMS) for SMEs. It involves the evolution of functional management systems through three maturity levels, and a new high-level risk assessment methodology that allows organisations to eliminate weaknesses in their security arrangements through a risk assessment and a control selection exercise that would take no more than a day.


Vendor: TechTarget ComputerWeekly.com
Posted: Feb 8, 2021
Published: May 23, 2014
Format: PDF
Type: Essential Guide
