Towards an empirical examination of IT security infrastructures in SME

Abstract

Despite the availability of numerous techniques for information security management and implementation, still many small-to-medium sized enterprises (SME) lack a holistic IT security infrastructure. There have been proposed various reasons for this, ranging from lacking security awareness to the complexity of solutions. However, it remains an open issue how an IT security infrastructure suitable for SME should be designed. This paper presents a research model describing the dependencies between security threats, requirements, and the related framework components. It also accounts for the adoption of security solutions in SME and the impact of human and technical factors. The model allows to quantitatively study the influences on security requirements and the adoption of the respective technologies. This is partially demonstrated by an empirical study conducted among south german SME. The obtained results reveal the current security technology adoption by SME and emphasize the need for an appropriate IT security infrastructure framework. © 2012 Springer-Verlag.