University of Worcester Worcester Research and Publications

IASME: Information Security Management Evolution for SMEs

Henson, Richard, Dresner, D. and Booth, D. (2011) IASME: Information Security Management Evolution for SMEs. In: ATINER 8th Annual International Conference on Small & Mediun Sized Enterprises: Management - Marketing, 1st - 4th August 2011, Athens. (Unpublished)

[img] PDF
IASMEAtiner11_v2.pdf - Published Version

Download (120kB)


Most of the research in information risk and risk management has focused on the needs of larger organisations. In the area of standards accreditation, the ISO/IEC 27001 Information Risk Management standard has continued to grow in acceptance and popularity with such organisations, although not to a significant extent with SMEs. An interesting product recently developed for ENISA (European Nations Information Security Association) based on the Carnegie-Mellon maturity model and aimed at SMEs has not so far filled the gap. In this paper, a researcher and two practitioners from the UK discuss an innovative development in the UK for addressing the information assurance needs of smaller organisations. They also share their perceptions about the security of national information infrastructures, and concerns that SMEs do not get the priority that their position in the supply chain would suggest they should have. The authors also explore the development and roll out of IASME (Information Assurance for SMEs), which they have developed in the context of a tight market, where spare cash is in short supply, and many SMEs are still in survival mode. The question for the business is therefore not seen as “can we afford to spend on information security” but “can we afford not to spend…” As well as the effect on being able to do business at all of having an SMEs systems compromised, there are also matters of reputation, and the growing threat of fines as a result of not complying with laws and regulations. The paper concludes with achievements of real businesses using the IASME process to cost-effectively achieve information assurance levels appropriate for themselves.

Item Type: Conference or Workshop Item (Paper)
Uncontrolled Keywords: SME, Information Risk Management, Information Security Management Systems, Data Protection Legislation, Value of Data, ISO/IEC 27001, PCI DSS, ISMS
Subjects: H Social Sciences > HD Industries. Land use. Labor > HD61 Risk Management
Divisions: Academic Departments > Worcester Business School
Related URLs:
Depositing User: Janet Davidson
Date Deposited: 16 Apr 2012 09:04
Last Modified: 29 Apr 2016 14:40

Actions (login required)

View Item View Item
Worcester Research and Publications is powered by EPrints 3 which is developed by the School of Electronics and Computer Science at the University of Southampton. More information and software credits.