Addressing SME Characteristics for Designing Information Security Maturity Models

Publication date

2020-08

Authors

Yigit Ozkan, B.ISNI 0000000492960614
Spruit, MarcoISNI 0000000077172004

Editors

Clarke, Nathan
Furnell, Steven

Advisors

Supervisors

Document Type

Part of book
Open Access logo

License

taverne

Abstract

This paper identifies the effects of small and medium-sized enterprises’ (SME) characteristics on the general design principles for maturity models in the information security domain. The purpose is to guide the research on information security maturity modelling for SMEs that will fit in form and function for their capability assessment and development purposes, and promote organizational learning and development. This study reviews the established frameworks of general design principles for maturity models and projects the design requirements of our envisioned information security maturity model for SMEs. Maturity models have different purposes of uses (descriptive, prescriptive and comparative) and design principles with respect to these purposes of uses. The mapping of SME characteristics and design principles facilitates the development of an information security maturity model that systematically integrates the desired qualities and components addressing SME characteristics and requirements.

Keywords

Information security, Maturity model, Assessment, Process improvement, Organisational learning, SME, Taverne

Citation

Yigit Ozkan, B & Spruit, M R 2020, Addressing SME Characteristics for Designing Information Security Maturity Models. in N Clarke & S Furnell (eds), Human Aspects of Information Security and Assurance : 14th IFIP WG 11.12 International Symposium, HAISA 2020, Mytilene, Lesbos, Greece, July 8–10, 2020, Proceedings. IFIP Advances in Information and Communication Technology, vol. 593, Springer. https://doi.org/10.1007/978-3-030-57404-8_13