Maturity assessment and process improvement for information security management in small and medium enterprises
Author(s) - Cholez Hervé, Girard Frédéric
Publication year - 2014
Publication title - Journal of Software: Evolution and Process
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.371
H-Index - 29
eISSN - 2047-7481
pISSN - 2047-7473
DOI - 10.1002/smr.1609
Subject(s) - maturity (psychological) , capability maturity model , information security , context (archaeology) , business , work (physics) , process (computing) , christian ministry , information security management , process management , small and medium sized enterprises , standard of good practice , knowledge management , computer science , security information and event management , computer security , security service , cloud computing security , engineering , political science , finance , network security policy , cloud computing , software , biology , operating system , paleontology , programming language , mechanical engineering , law
SUMMARY Information security is a central concern inside organisations, but it remains quite difficult for most small entities to implement and maintain. In this context, the Public Research Centre Henri Tudor and Luxembourg's Ministry of Economy and Foreign Trade decided to enhance information security awareness and management in Luxembourg's small and medium enterprises. Our research work therefore aims to propose a method adapted to small and medium enterprises for conducting a first assessment of an enterprise's information security maturity and improving its processes accordingly. This paper describes the framework developed and presents its validation in industry. The results of applying the method in industry are positive and show a lack of organisational maturity in information security. The future challenge for this assessment method is to be integrated into an information security web platform and to use the large amount of statistics to continuously improve and contextualise the proposed tool. Copyright © 2013 John Wiley & Sons, Ltd.