Information security management framework for small and medium enterprise

Laima Kaušpadienė

Doctoral dissertation

Dissertations are not being sold



Information security is one of the concerns any organization or person faces. The list of new threats appears, and information security management mechanisms have to be established and continuously updated to be able to fight against possible security issues. To be up to date with existing information technology threats and prevention, protection, maintenance possibilities, more significant organizations establish positions or even departments, to be responsible for the information security management. However, small and medium enterprise (SME) does not have enough capacities. Therefore, the information security management situation in SMEs is fragmented and needs improvement.

In this thesis, the problem of information security management in the small and medium enterprise is analyzed. It aims to simplify the information security management process in the small and medium enterprise by proposing concentrated information and tools in information security management framework. Existence of an information security framework could motivate SME to use it in practice and lead to an increase of SME security level.

The dissertation consists of an introduction, four main chapters and general conclusions. The first chapter introduces the problem of information security management and its’ automation. Moreover, state-of-the-art frameworks for information security management in SME are analyzed and compared.

The second chapter proposes a novel information security management framework and guidelines on its adoption. The framework is designed based on existing methodologies and frameworks.

A need for a model for security evaluation based on the organization’s management structure noticed in chapter two; therefore, new probability theory-based model for organizations information flow security level estimation presented in chapter three.  The fourth chapter presents the validation of proposed security evaluation models by showing results of a case study and experts ranking of the same situations. The multi-criteria analysis was executed to evaluate the ISMF suitability to be applied in a small and medium enterprise. In this chapter, we also analyze the opinion of information technology employees in an SME on newly proposed information security management framework as well as a new model for information security level estimation.

The thesis is summarized by the general conclusions which confirm the need of newly proposed framework and associated tools as well as its suitability to be used in SME to increase the understanding of current information security threat situation.

Read electronic version of the book:


Book details

Data sheet

Imprint No:
140 p.
16 other books in the same category:

Follow us on Facebook