Security culture in small and medium-size enterprise

Abstract

The information society depends ever-increasingly on Information Security Management Systems (ISMSs), and these systems have become vital to SMEs. However, ISMSs must be adapted to SME's specific characteristics, and they must be optimised from the point of view of the resources which are necessary to install and maintain them. Furthermore, when installing ISMSs, the majority of models have until now been centred on technical and management aspects, and the third aspect, which is institutional and is of particular relevance to SMEs, has been virtually ignored. In this paper we present the importance of the security culture for SMEs, along with our proposal to introduce this concept into SMEs in a progressive and sustainable manner. The model is currently being applied in real cases, thus leading to a constant improvement in its application. © 2010 Springer-Verlag.