Worcester Research and Publications

SEARCH EPRINTS:

USER PANEL:

ABOUT THE COLLECTION:

WRaP is a collection of research papers and university publications. It presents the academic and creative work of the university. You are welcome to look for and obtain items of interest and make contact with the authors and creators.

CONTACT DETAILS:

All correspondence about WRaP should be sent to the Repository Manager.

IASME: Information Security Management Evolution for SMEs

Tools

Henson, Richard, Dresner, D. and Booth, D. (2011) IASME: Information Security Management Evolution for SMEs. In: ATINER 8th Annual International Conference on Small & Mediun Sized Enterprises: Management - Marketing, 1st - 4th August 2011, Athens. (Unpublished)

Preview

PDF
IASMEAtiner11_v2.pdf - Published Version
Download (120kB) | Preview

Abstract

Most of the research in information risk and risk management has focused on the
needs of larger organisations. In the area of standards accreditation, the ISO/IEC
27001 Information Risk Management standard has continued to grow in acceptance
and popularity with such organisations, although not to a significant extent with
SMEs. An interesting product recently developed for ENISA (European Nations
Information Security Association) based on the Carnegie-Mellon maturity model and
aimed at SMEs has not so far filled the gap.
In this paper, a researcher and two practitioners from the UK discuss an innovative
development in the UK for addressing the information assurance needs of smaller
organisations. They also share their perceptions about the security of national
information infrastructures, and concerns that SMEs do not get the priority that their
position in the supply chain would suggest they should have.
The authors also explore the development and roll out of IASME (Information
Assurance for SMEs), which they have developed in the context of a tight market,
where spare cash is in short supply, and many SMEs are still in survival mode. The
question for the business is therefore not seen as “can we afford to spend on
information security” but “can we afford not to spend…” As well as the effect on
being able to do business at all of having an SMEs systems compromised, there are
also matters of reputation, and the growing threat of fines as a result of not complying
with laws and regulations.
The paper concludes with achievements of real businesses using the IASME process
to cost-effectively achieve information assurance levels appropriate for themselves.

Item Type:	Conference or Workshop Item (Paper)
Uncontrolled Discrete Keywords:	SME, Information Risk Management, Information Security Management Systems, Data Protection Legislation, Value of Data, ISO/IEC 27001, PCI DSS, ISMS
Subjects:	H Social Sciences > HD Industries. Land use. Labor > HD61 Risk Management
Divisions:	College of Business, Psychology and Sport > Worcester Business School
Related URLs:	Organisation
Depositing User:	Janet Davidson
Date Deposited:	16 Apr 2012 09:04
Last Modified:	08 Jun 2021 09:23
URI:	https://eprints.worc.ac.uk/id/eprint/1600

Actions (login required)

View Item

CORE (COnnecting REpositories)

© University of Worcester Henwick Grove, WR2 6AJ Tel: 01905 855000 | Materials in WRaP are protected by copyright and other intellectual property rights. By using WRaP you agree to abide by UK copyright laws.

Worcester Research and Publications is powered by EPrints 3 which is developed by the School of Electronics and Computer Science at the University of Southampton. More information and software credits.