Practical application of a security management maturity model for SMEs based on predefined schemas


Abstract:

For enterprises to be able to use information technologies and communications with guarantees, it is necessary to have an adequate security management system and tools which allow them to manage it. In small and medium-sized enterprises, the application of security standards has an additional problem, which is the fact that they do not have enough resources to carry out an appropriate management. This security management system must have highly reduced costs for its implementation and maintenance in small and medium-sized enterprises (from here on referred to as SMEs) to be feasible. In this paper we show the practical application of our proposal for a maturity model with which to manage the security in SMEs, centring upon the phase which determines the state of the enterprise and some of the mechanisms which allow the security level to be kept up to date without the need for continuous audits. This focus is continuously refined through its application to real cases, the results of which are shown in this paper.

Year of publication:

2008

Keywords:

  • Small-medium size enterprise
  • ISMS
  • SME
  • Information security management system
  • Maturity level
  • ISO27001
  • Security system

Source:

Scopus

Document type:

Conference Object

Status:

Restricted access

Knowledge areas:

    Subject areas:

    • General management
    • Computer programming, programs, data, security
    • Private law