Addressing SME Characteristics for Designing Information Security Maturity Models
Publication date
2020-08
Editors
Clarke, Nathan
Furnell, Steven
Advisors
Supervisors
Document Type
Part of book
Metadata
Show full item recordCollections
License
taverne
Abstract
This paper identifies the effects of small and medium-sized enterprises’ (SME) characteristics on the general design principles for maturity models in the information security domain. The purpose is to guide the research on information security maturity modelling for SMEs that will fit in form and function for their capability assessment and development purposes, and promote organizational learning and development. This study reviews the established frameworks of general design principles for maturity models and projects the design requirements of our envisioned information security maturity model for SMEs. Maturity models have different purposes of uses (descriptive, prescriptive and comparative) and design principles with respect to these purposes of uses. The mapping of SME characteristics and design principles facilitates the development of an information security maturity model that systematically integrates the desired qualities and components addressing SME characteristics and requirements.
Keywords
Information security, Maturity model, Assessment, Process improvement, Organisational learning, SME, Taverne
Citation
Yigit Ozkan, B & Spruit, M R 2020, Addressing SME Characteristics for Designing Information Security Maturity Models. in N Clarke & S Furnell (eds), Human Aspects of Information Security and Assurance : 14th IFIP WG 11.12 International Symposium, HAISA 2020, Mytilene, Lesbos, Greece, July 8–10, 2020, Proceedings. IFIP Advances in Information and Communication Technology, vol. 593, Springer. https://doi.org/10.1007/978-3-030-57404-8_13