ISMS Building for SMEs through the Reuse of Knowledge

Luís Enrique Sánchez, Antonio Santos-Olmo, Eduardo Fernandez-Medina, Mario Piattini
ISBN13: 9781466601970 | ISBN10: 1466601973 | EISBN13: 9781466601987
DOI: 10.4018/978-1-4666-0197-0.ch006
Cite Chapter

MLA

Sánchez, Luís Enrique, et al. "ISMS Building for SMEs through the Reuse of Knowledge." Strategic and Practical Approaches for Information Security Governance: Technologies and Applied Solutions, edited by Manish Gupta, et al., IGI Global, 2012, pp. 90-116. https://doi.org/10.4018/978-1-4666-0197-0.ch006

APA

Sánchez, L. E., Santos-Olmo, A., Fernandez-Medina, E., & Piattini, M. (2012). ISMS Building for SMEs through the Reuse of Knowledge. In M. Gupta, J. Walp, & R. Sharman (Eds.), Strategic and Practical Approaches for Information Security Governance: Technologies and Applied Solutions (pp. 90-116). IGI Global. https://doi.org/10.4018/978-1-4666-0197-0.ch006

Chicago

Sánchez, Luís Enrique, et al. "ISMS Building for SMEs through the Reuse of Knowledge." In Strategic and Practical Approaches for Information Security Governance: Technologies and Applied Solutions, edited by Manish Gupta, John Walp, and Raj Sharman, 90-116. Hershey, PA: IGI Global, 2012. https://doi.org/10.4018/978-1-4666-0197-0.ch006

Abstract

The information society is increasingly dependent upon Information Security Management Systems (ISMSs), and the availability of these systems has become crucial to the evolution of Small and Medium-size Enterprises (SMEs). However, companies of this type require ISMSs that have been adapted to their specific characteristics, and these systems must be optimized with respect to the resources needed to deploy and maintain them. Over the last 10 years, the authors have gained considerable experience in establishing ISMSs, and during this time they have observed that the structure and characteristics of SMEs with regard to security management are frequently very similar (since they can all be grouped by business size and sector), which means that it is possible to construct patterns for ISMSs that can be reused and refined. In this chapter, the authors present the strategy that they have designed to manage and reuse security information in information system security management. This strategy is framed within a methodology designed for integral security management and its information systems maturity, called “Methodology for Security Management and Maturity in Small and Medium-size Enterprises (MSM2-SME),” and it is defined in a reusable model called “Reusable Pattern for Security Management (RPSM),” which systematically defines, manages, and reuses the aforementioned methodology through a sub-process called “Generation of Security Management Patterns (GSMP).” This model is currently being applied in real cases, and is thus constantly improving.
