University of Worcester Worcester Research and Publications

IASME: Information Security Management Evolution for SMEs

Henson, Richard, Dresner, D. and Booth, D. (2011) IASME: Information Security Management Evolution for SMEs. In: ATINER 8th Annual International Conference on Small & Mediun Sized Enterprises: Management - Marketing, 1st - 4th August 2011, Athens. (Unpublished)

IASMEAtiner11_v2.pdf - Published Version

Download (120kB) | Preview


Most of the research in information risk and risk management has focused on the
needs of larger organisations. In the area of standards accreditation, the ISO/IEC
27001 Information Risk Management standard has continued to grow in acceptance
and popularity with such organisations, although not to a significant extent with
SMEs. An interesting product recently developed for ENISA (European Nations
Information Security Association) based on the Carnegie-Mellon maturity model and
aimed at SMEs has not so far filled the gap.
In this paper, a researcher and two practitioners from the UK discuss an innovative
development in the UK for addressing the information assurance needs of smaller
organisations. They also share their perceptions about the security of national
information infrastructures, and concerns that SMEs do not get the priority that their
position in the supply chain would suggest they should have.
The authors also explore the development and roll out of IASME (Information
Assurance for SMEs), which they have developed in the context of a tight market,
where spare cash is in short supply, and many SMEs are still in survival mode. The
question for the business is therefore not seen as “can we afford to spend on
information security” but “can we afford not to spend…” As well as the effect on
being able to do business at all of having an SMEs systems compromised, there are
also matters of reputation, and the growing threat of fines as a result of not complying
with laws and regulations.
The paper concludes with achievements of real businesses using the IASME process
to cost-effectively achieve information assurance levels appropriate for themselves.

Item Type: Conference or Workshop Item (Paper)
Uncontrolled Discrete Keywords: SME, Information Risk Management, Information Security Management Systems, Data Protection Legislation, Value of Data, ISO/IEC 27001, PCI DSS, ISMS
Subjects: H Social Sciences > HD Industries. Land use. Labor > HD61 Risk Management
Divisions: College of Business, Psychology and Sport > Worcester Business School
Related URLs:
Depositing User: Janet Davidson
Date Deposited: 16 Apr 2012 09:04
Last Modified: 08 Jun 2021 09:23

Actions (login required)

View Item View Item
Worcester Research and Publications is powered by EPrints 3 which is developed by the School of Electronics and Computer Science at the University of Southampton. More information and software credits.