Organizational Characteristics Influencing SME Information Security Maturity

F. Mijnhardt, T. Baars, M. Spruit

    Research output: Contribution to journalArticleAcademicpeer-review


    In the current business environment, many organizations use popular standards such as the ISO 27000x series, COBIT and related frameworks to protect themselves against security incidents. However, these standards and frameworks are overly complicated for Small to Medium sized Enterprises, leaving these organizations with no easy to understand toolkit to address their security needs. This research builds upon the recent ISFAM maturity model for SME information security as a cornerstone in the development of an assessment tool for tailor-made, fast, and easy-to-use information security advice for SMEs. By performing an extensive literature review and evaluating the results with security experts, we propose the Characterizing Organizations’ Information Security for SMEs (CHOISS) model to relate measurable organizational characteristics in four categories through forty-seven parameters to help SMEs distinguish and prioritize which risks to mitigate.
    Original languageEnglish
    Pages (from-to)106-115
    Number of pages10
    JournalJournal of Computer Information Systems
    Issue number2
    Publication statusPublished - 2016


    • information security
    • maturity matrix
    • SME
    • organizational characteristic
    • situational factor
    • ISFAM
    • CHOISS


    Dive into the research topics of 'Organizational Characteristics Influencing SME Information Security Maturity'. Together they form a unique fingerprint.

    Cite this