Organizational Characteristics Influencing SME Information Security Maturity

F. Mijnhardt, T. Baars, M. Spruit

    Research output: Contribution to journal, Article, Academic, peer-review

    Abstract

    In the current business environment, many organizations use popular standards such as the ISO 27000x series, COBIT and related frameworks to protect themselves against security incidents. However, these standards and frameworks are overly complicated for Small to Medium-sized Enterprises, leaving these organizations with no easy-to-understand toolkit to address their security needs. This research builds upon the recent ISFAM maturity model for SME information security as a cornerstone in the development of an assessment tool for tailor-made, fast, and easy-to-use information security advice for SMEs. By performing an extensive literature review and evaluating the results with security experts, we propose the Characterizing Organizations’ Information Security for SMEs (CHOISS) model to relate measurable organizational characteristics in four categories through forty-seven parameters to help SMEs distinguish and prioritize which risks to mitigate.
    Original language: English
    Pages (from-to): 106-115
    Number of pages: 10
    Journal: Journal of Computer Information Systems
    Volume: 56
    Issue number: 2
    Publication status: Published - 2016

    Keywords

    • information security
    • maturity matrix
    • SME
    • organizational characteristic
    • situational factor
    • ISFAM
    • CHOISS
