Abstract
In this study, an information security management system is developed through theoretical and literary approach aiming at efficient and sys-tematic information security of Korean small and medium size businesses, considering the restrictions of the literature review on the information security management systems and the inherent characteristics of the small and medium size businesses. The management system was divided into the 3 areas of the supporting environment of the information security, establishment of the information security infrastructure, and management of the information security. Through verification by statistical methods(reliability analysis, feasibility study) based on the questionnaire for the specialists, the overall information security management system is structures with the 3 areas, 8 management items, and 18 detailed items of the management system. On the basis of this study, it is expected that small and medium size businesses will be able to establish information security management systems in accordance with the information security policy incorporating the existing informatization strategies and management strategies, information security systems which will enhance existing information management, and concrete plans for follow up management.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
BSI(U.K), BS 7799 part1: Information Security Management - Code of Practice for Information Security Management (1999)
Cohen, F.: Managing Network Security: How does a typical IT audit work? Network Security (1998)
Doukidis, G.I., Lybereas, P., Galliers, R.D.: Information systems planning in Small business: A stages of Growth Analysis. J. Systmes software (1996)
Kovacich, G.: Establishing an information systems security organization. Computer & Security 17 (1998)
Gupta, M., Cawthorn, G.: Managerial Implications of Flexible Manufacturing for SMEs (Elsevier Advanced Technology) (1996)
ISACA, Information Security Governance, Guidance for Boards of Directors and Executive Management, IT Governance Institute (2001)
ISO/IEC: ISO/IEC TR 13335-4: 2000(E), Information Technology - Guidelines for the Management of IT Security Part 4 (2000)
Eloff, J., Eloff, M.: Information Security Management - A New Paradigm. In: Proceedings of SAICSIT (2003)
Levy, M., Powell, P.: SME Flexibility and the Role of Information Systems (Small Business Economics) (1998)
Weill, P., Vitale, M.: MIS Quarterly Executive. What IT Infrastructure Capabilities are needed to Implement e-Business Models (2002)
XiSEC/AEXIS Consultants, BS7799 Information Security SME Guide, XiSEC/AEXIS Consultants (2002)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Chang, H., Kim, J., Lim, S. (2006). Information Security Management System for SMB in Ubiquitous Computing. In: Gavrilova, M.L., et al. Computational Science and Its Applications - ICCSA 2006. ICCSA 2006. Lecture Notes in Computer Science, vol 3983. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11751632_77
Download citation
DOI: https://doi.org/10.1007/11751632_77
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-34077-5
Online ISBN: 978-3-540-34078-2
eBook Packages: Computer ScienceComputer Science (R0)