Abstract
This paper presents the results of a security management survey of IT administrators from small and medium-sized enterprises (SMEs) who ranked predefined Critical Success Factors (CSFs) and Indicators. The outcome of this study relies on the development of a set of security management guidelines that allows IT administrators to adopt assessment and managerial security routines. The secondary contribution relies on allowing IT administrators to establish a culture of implementing and tracking the effectiveness of technical and non-technical security controls. The survey results describe how IT administrators would like the most critical aspects of security to evolve.
Copyright information
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Torres, J.M., Sarriegi, J.M., Hernantes, J., Lauge, A. (2009). Steering Security through Measurement. In: Fischer-Hübner, S., Lambrinoudakis, C., Pernul, G. (eds) Trust, Privacy and Security in Digital Business. TrustBus 2009. Lecture Notes in Computer Science, vol 5695. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-03748-1_10
DOI: https://doi.org/10.1007/978-3-642-03748-1_10
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-03747-4
Online ISBN: 978-3-642-03748-1
eBook Packages: Computer Science, Computer Science (R0)