• KSII Transactions on Internet and Information Systems
    Monthly Online Journal (eISSN: 1976-7277)

Structure and Challenges of a Security Policy on Small and Medium Enterprises

Vol. 12, No.2, February 28, 2018
10.3837/tiis.2018.02.012, Download Paper (Free):

Abstract

Information Technology (IT) plays an increasingly important role for small and medium-sized enterprises. It has become fundamental for these companies to protect information and IT assets in relation to risks and threats that have grown in recent years. This study aims to understand the importance and structure of an information security policy, using a quantitative study that intends to identify the most important and least relevant elements of an information security policy document. The findings of this study reveal that the top three most important elements in the structure of a security policy are the asset management, security risk management and define the scope of the policy. On the other side, the three least relevant elements include the executive summary, contacts and manual inspection. Additionally, the study reveals that the importance given to each element of the security policy is slightly changed according to the sectors of activity. The elements that show the greatest variability are the review process, executive summary and penalties. On the other side, the purpose of the policy and the asset management present a stable importance for all sectors of activity.


Statistics

Show / Hide Statistics

Statistics (Cumulative Counts from December 1st, 2015)
Multiple requests among the same browser session are counted as one view.
If you mouse over a chart, the values of data points will be shown.


Cite this article

[IEEE Style]
Fernando Almeida, Inês Carvalho and Fábio Cruz, "Structure and Challenges of a Security Policy on Small and Medium Enterprises," KSII Transactions on Internet and Information Systems, vol. 12, no. 2, pp. 747-763, 2018. DOI: 10.3837/tiis.2018.02.012

[ACM Style]
Almeida, F., Carvalho, I., and Cruz, F. 2018. Structure and Challenges of a Security Policy on Small and Medium Enterprises. KSII Transactions on Internet and Information Systems, 12, 2, (2018), 747-763. DOI: 10.3837/tiis.2018.02.012