Practical application of a security management maturity model for SMES based on predefined schemas

SECRYPT 2008 - International Conference on Security and Cryptography, Proceedings

Volumn , Issue , 2008, Pages 391-398

  Sánchez, Luís Enrique ^a   Villafranca, Daniel ^a   Fernández Medina, Eduardo ^b   Piattini, Mario ^b  

^a SICAMAN NT   (Spain)

^b UNIVERSITY OF CASTILLA LA MANCHA   (Spain)

Author keywords

Information security management system; ISMS; ISO27001; Maturity level; Security system; Small medium size enterprise; SME

Indexed keywords

APPLICATIONS; CRYPTOGRAPHY; ELECTRIC ENERGY STORAGE; INDUSTRIAL MANAGEMENT; SECURITY SYSTEMS;

INFORMATION SECURITY MANAGEMENT SYSTEM; ISMS; ISO27001; MATURITY LEVEL; SMALL-MEDIUM SIZE ENTERPRISE; SME;

MANAGEMENT;

EID: 58049181431     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (19)

1. Aceituno, V. (2005). "Ism3 1.0: Information security management matury model."
2. Barrientes, A. M. and K. A. Areiza (2005). Integración de un sistema de gestión de seguridad de la información conun sistema de gestión de calidad. Master's thesis, Universidad EAFIT.
3. Biever, C. (2005). Revealed: the true cost of computer crime. Computer Crime Research Center.
4. Eloff, J. and M. Eloff (2003). "Information Security Management - A New Paradigm." Annual research conference of the South African institute of computer scientists and information technologists on Enablement through technology SAICSIT'03: 130-136.
5. Garigue, R. and M. Stefaniu (2003). "Information Security Governance Reporting." Information Systems Security sept/oct: 36-40.
6. Goldfarb, A. (2006). "The medium-term effects of unavailability " Journal Quantitative Marketing and Economics 4(2): 143-171
7. Hyder, E. B., K. M. Heston, et al. (2004). The eSCM-SP v2: The eSourcing Capability Model For Service Providers (eSCM-SP) v2. Pittsburh, Pennsylvania, USA. 19 May.
8. ISO/IEC 17799 (2000). ISO/IEC 17799. Information Technology - Security techniques - Code of practice for information security management.
9. ISO/IEC 17799 (2005). ISO/IEC 17799. Information Technology - Security techniques - Code of practice for information security management.
10. ISO/IEC27002 (2007). "ISO/IEC 27002:2005, the international standard Code of Practice for Information Security Management (en desarrollo)."
11. Lee, J., J. Lee, et al. (2003). A CC-based Security Engineering Process Evaluation Model. Proceedings of the 27th Annual International Computer Software and Applications Conference (COMPSAC).
12. Sánchez, L. E., D. Villafranca, et al. (2007a). Developing a model and a tool to manage the information security in Small and Medium Enterprises. International Conference on Security and Cryptography (SECRYPT'07). Barcelona. Spain., Junio.
13. Sánchez, L. E., D. Villafranca, et al. (2007b). MMISS-SME Practical Development: Maturity Model for Information Systems Security Management in SMEs. 9th International Conference on Enterprise Information Systems (WOSIS'07). Funchal, Madeira (Portugal). June.
14. Sánchez, L. E., D. Villafranca, et al. (2007c). SCMM-TOOL: Tool for computer automation of the Information Security Management Systems. 2nd International conference on Software and Data Technologies (ICSOFT'07). , Barcelona-España Septiembre.
15. Siegel, C. A., T. R. Sagalow, et al. (2002). "Cyber-Risk Management: Technical and Insurance Controls for Enterprise-Level Security." Security Management Practices sept/oct: 33-49.
16. Telang, R. and S. Wattal (2005). Impact of Vulnerability Disclosure on Market Value of Software Vendors: An Empirical Analysis. 4h Workshop on Economics and Information Security, Boston.
17. Von Solms, B. and R. Von Solms (2001). "Incremental Information Security Certification." Computers & Security 20: 308-310.
18. Walton, J. P. (2002). Developing an Enterprise Information Security Policy. 30th annual ACM SIGUCCS conference on User services.
19. Wood, C. C. (2000). Researchers Must Disclose All Sponsors And Potential Conflicts. Computer Security Alert, San Francisco, CA, Computer Security Institute.