Addressing SME Characteristics for Designing Information Security Maturity Models

B. Yigit Ozkan, M.R. Spruit

    Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

    Abstract

    This paper identifies the effects of small and medium-sized enterprises’ (SME) characteristics on the general design principles for maturity models in the information security domain. The purpose is to guide the research on information security maturity modelling for SMEs that will fit in form and function for their capability assessment and development purposes, and promote organizational learning and development. This study reviews the established frameworks of general design principles for maturity models and projects the design requirements of our envisioned information security maturity model for SMEs. Maturity models have different purposes of uses (descriptive, prescriptive and comparative) and design principles with respect to these purposes of uses. The mapping of SME characteristics and design principles facilitates the development of an information security maturity model that systematically integrates the desired qualities and components addressing SME characteristics and requirements.
    Original languageEnglish
    Title of host publicationHuman Aspects of Information Security and Assurance
    Subtitle of host publication14th IFIP WG 11.12 International Symposium, HAISA 2020, Mytilene, Lesbos, Greece, July 8–10, 2020, Proceedings
    EditorsNathan Clarke, Steven Furnell
    PublisherSpringer
    ISBN (Electronic)978-3-030-57404-8
    ISBN (Print)978-3-030-57403-1
    DOIs
    Publication statusPublished - Aug 2020

    Publication series

    NameIFIP Advances in Information and Communication Technology
    PublisherSpringer
    Volume593
    ISSN (Print)1868-4238
    ISSN (Electronic)1868-422X

    Keywords

    • Information security
    • Maturity model
    • Assessment
    • Process improvement
    • Organisational learning
    • SME

    Fingerprint

    Dive into the research topics of 'Addressing SME Characteristics for Designing Information Security Maturity Models'. Together they form a unique fingerprint.

    Cite this