Technical opinion: Information system security management in the new millennium
Communications of the ACM
Experiences in the Application of Software Process Improvement in SMES
Software Quality Control
Information security management: a new paradigm
SAICSIT '03 Proceedings of the 2003 annual research conference of the South African institute of computer scientists and information technologists on Enablement through technology
Exploring the Suitability of IS Security Management Standards for SMEs
HICSS '08 Proceedings of the Proceedings of the 41st Annual Hawaii International Conference on System Sciences
Implementing the ISO/IEC 17799 standard in practice: experiences on audit phases
AISC '08 Proceedings of the sixth Australasian conference on Information security - Volume 81
Preserving confidentiality of security policies in data outsourcing
Proceedings of the 7th ACM workshop on Privacy in the electronic society
Editorial: Model-Driven Development for secure information systems
Information and Software Technology
Information security management standards: Problems and solutions
Information and Management
Information security incident management process
Proceedings of the 2nd international conference on Security of information and networks
Information security governance framework
Proceedings of the first ACM workshop on Information security governance
Towards an empirical examination of IT security infrastructures in SME
NordSec'12 Proceedings of the 17th Nordic conference on Secure IT Systems
Hi-index | 0.00 |
The information society is increasingly more dependent upon Information Security Management Systems (ISMSs), and the availability of these systems has become crucial to the evolution of Small and Medium-size Enterprises (SMEs). However, this type of companies requires ISMSs which have been adapted to their specific characteristics. In this paper we show the strategy that we have designed for the management and reuse of security information in the information system security management process. This strategy is set within the framework of a methodology that we have designed for the integral management of information system security and maturity, denominated as "Methodology for Security Management and Maturity in Small and Mediumsized Enterprises (MSM2-SME)". This model is currently being applied in real cases, and is thus constantly improving.