Desirable Characteristics for an ISMS Oriented to SMEs

Antonio Santos-Olmo, Luis Enrique Sánchez, Eduardo Fernández-Medina, Mario Piattini

2011

Abstract

Information Society depends more and more on Information Security Management Systems (ISMSs) and the availability of these systems has become vital for SMEs’ evolution. However, this kind of companies need that ISMSs are adapted to their special characteristics as well as optimized from the viewpoint of the necessary resources to implement and maintain them. In this paper, we present an analysis of the different proposals that are arising oriented to im-plement ISMSs into SMEs with the purpose of determining the characteristics that a security management methodology oriented to SMEs should have.

References

  1. Kluge, D. Formal Information Security Standards in German Medium Enterprises. in CONISAR: The Conference on Information Systems Applied Research. 2008.
  2. Dhillon, G. and J. Backhouse, Information System Security Management in the New Millennium. Communications of the ACM, 2000. 43(7): p. 125-128.
  3. Park, C.-S., S.-S. Jang, and Y.-T. Park, A Study of Effect of Information Security Management System [ISMS] Certification on Organization Performance. IJCSNS International Journal of Computer Science and Network Security., 2010. 10(3): p. 10-21.
  4. Barlette, Y. and V. Vladislav. Exploring the Suitability of IS Security Management Standards for SMEs. in Hawaii International Conference on System Sciences, Proceedings of the 41st Annual. 2008. Waikoloa, HI, USA.
  5. Fal, A.M., Standardization in information security management Cybernetics and Systems Analysis 2010. 46(3): p. 181-184.
  6. Wiander, T. and J. Holappa, Theoretical Framework of ISO 17799 Compliant. Information Security Management System Using Novel ASD Method., in Technical Report, V.T.R.C.o. Finland, Editor. 2006.
  7. Coles-Kemp, E. and R.E. Overill. The Design of Information Security Management Systems for Small-to-Medium Size Enterprises. in ECIW - The 6th European Conference on Information Warfare and Security. 2007. Shrivenham, UK: Defence College of Management and Technology.
  8. Sánchez, L. E., et al. MMISS-SME Practical Development: Maturity Model for Information Systems Security Management in SMEs. in 9th International Conference on Enterprise Information Systems (WOSIS'07). 2007b. Funchal, Madeira (Portugal). June.
  9. Sánchez, L. E., et al. Developing a model and a tool to manage the information security in Small and Medium Enterprises. in International Conference on Security and Cryptography (SECRYPT'07). 2007a. Barcelona. Spain.: Junio.
  10. Sánchez, L. E., et al. Developing a maturity model for information system security management within small and medium size enterprises. in 8th International Conference on Enterprise Information Systems (WOSIS'06). 2006. Paphos (Chipre). March.
  11. Sánchez, L. E., et al. SCMM-TOOL: Tool for computer automation of the Information Security Management Systems. in 2nd International conference on Software and Data Technologies (ICSOFT'07). . 2007c. Barcelona-España Septiembre.
  12. Sánchez, L. E., et al. Practical Application of a Security Management Maturity Model for SMEs Based on Predefined Schemas. in International Conference on Security and Cryptography (SECRYPT'08). 2008. Porto-Portugal.
  13. Velásquez, N. and M. Estayno. Desarrollo y Mantenimiento Seguro de Software para Pyme: MoProSoft alienado a ISO/IEC 17799:2005. in IV Congreso Iberoamericano de Seguridad Informática (CIBSI'07). 2007. Mar de Plata. Argentina.: Noviembre.
  14. ISO/IEC27001, ISO/IEC 27001, Information Technology - Security Techniques Information security management systemys - Requirements. 2005.
  15. ISO/IEC20000, ISO/IEC20000, Service Management IT. 2005.
  16. ITILv3.0, ITIL, Information Technology Infrastructure Library., C.C.a.T.A. (CCTA). Editor. 2007.
  17. COBITv4.0, Cobit Guidelines, Information Security Audit and Control Association. 2006.
  18. ISM3, Information security management matury model (ISM3 v.2.0). 2007, ISM3 Consortium.
  19. Eloff, J. and M. Eloff, Information Security Management - A New Paradigm. Annual research conference of the South African institute of computer scientists and information technologists on Enablement through technology SAICSIT03, 2003: p. 130-136.
  20. Areiza, K.A., et al., Hacia un modelo de madurez para la seguridad de la información. 3er Congreso Iberoamericano de seguridad Informática, 2005a. Nov, (2005): p. 429 - 442.
  21. Dojkovski, S., S. Lichtenstein, and M.J. Warren. Challenges in Fostering an Information Security Culture in Australian Small and Medium Sized Enterprises. in 5th European Conference on Information Warfare and Security. 2006. Helsinki, Finland: 1-2 June.
  22. Sneza, D., L. Sharman, and W. Matthew John. Fostering information security culture in small and medium size enterprises: An interpretive study in australia. in the Fifteenth European Conference on Information Systems. 2007. University of St. Gallen, St. Gallen.
  23. Linares, S. and I. Paredes (2007) IS2ME: Information Security to the Medium Enterprise. Volume,
  24. Wiander, T. and J. Holappa, Managing Information Security in Small and Medium-sized Organization, in Handbook of Research on Information Security and Assurancence. 2007.
  25. Carey-Smith, M.T., K.J. Nelson, and L.J. May. Improving Information Security Management in Nonprofit Organisations with Action Research. in Proceedings of The 5th Australian Information Security Management Conference. 2007. Perth, Western Australia: School of Computer and Information Science. Edith Cowan University.
  26. Tawileh, A., J. Hilton, and S. McIntosh, Managing Information Security in Small and Medium Sized Enterprises: A Holistic Approach, in ISSE/SECURE 2007 Securing Electronic Business Processes, Vieweg, Editor. 2007. p. 331-339.
  27. Batista, J. and A. Figueiredo, SPI in very small team: a case with CMM. Software Process Improvement and Practice, 2000. 5(4): p. 243-250.
  28. Hareton, L. and Y. Terence, A Process Framework for Small Projects. Software Process Improvement and Practice, 2001. 6: p. 67-83.
  29. Tuffley, A., B. Grove, and M. G, SPICE For Small Organisations. Software Process Improvement and Practice, 2004. 9: p. 23-31.
  30. Calvo-Manzano, J.A., Método de Mejora del Proceso de desarrollo de sistemas de información en la pequeña y mediana empresa (Tesis Doctoral). Universidad de Vigo. 2000.
  31. Mekelburg, D., Sustaining Best Practices: How Real-World Software Organizations Improve Quality Processes. Software Quality Professional, 2005. 7(3): p. 4-13.
  32. Sánchez, L.E., et al., MGSM-PYME: Metodología para la gestión de la seguridad y su madurez en las PYMES., in V Congreso Iberoamericano de Seguridad Informática. 2009: Montevideo, Uruguay.
  33. Awad, E. and H. Ghaziri, Knowledge Management, ed. P. Hall. 2003.
Download


Paper Citation


in Harvard Style

Santos-Olmo A., Enrique Sánchez L., Fernández-Medina E. and Piattini M. (2011). Desirable Characteristics for an ISMS Oriented to SMEs . In Proceedings of the 8th International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2011) ISBN 978-989-8425-61-4, pages 151-158. DOI: 10.5220/0003593801510158


in Bibtex Style

@conference{wosis11,
author={Antonio Santos-Olmo and Luis Enrique Sánchez and Eduardo Fernández-Medina and Mario Piattini},
title={Desirable Characteristics for an ISMS Oriented to SMEs},
booktitle={Proceedings of the 8th International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2011)},
year={2011},
pages={151-158},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0003593801510158},
isbn={978-989-8425-61-4},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 8th International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2011)
TI - Desirable Characteristics for an ISMS Oriented to SMEs
SN - 978-989-8425-61-4
AU - Santos-Olmo A.
AU - Enrique Sánchez L.
AU - Fernández-Medina E.
AU - Piattini M.
PY - 2011
SP - 151
EP - 158
DO - 10.5220/0003593801510158