Pascal Lehner con Improving Information Security in Small and Medium Enterprises (English Edition)
Small and medium sized enterprises with up to 250 employees represent the majority of organisations in western countries, offering up to 60% of all jobs and generating up to 60% of the economic value added. However, even though SME are an important part of the world economy and possess valuable knowledge and information, only a few studies on information security in SME exist, and most available information security frameworks and standards focus on large companies. Furthermore, the frameworks designed for SME are often overly formalistic and process-focused, and require more personnel or knowledge than an average SME might want to assign to this task. To allow SME to implement a certain basic information security protocol within their resources allowance, the SBISM model is being introduced. SBISM focuses on recognising and mitigating the biggest risks with the highest impacts by implementing a regularly reviewed security and incident response policy.