Enhancing Information Security Management in Small and Medium Enterprises (SMEs) Through ISO 27001 Compliance

Fabricio Mera-Amores; Henry N. Roa

doi:10.1007/978-3-031-53963-3_14

Enhancing Information Security Management in Small and Medium Enterprises (SMEs) Through ISO 27001 Compliance

Fabricio Mera-Amores, Henry N. Roa^*

^*Corresponding author for this work

Faculty of Engineering

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

The ISO 27001 standard is a crucial framework for establishing Information Security Management Systems (ISMS) in organizations, irrespective of their size or sector. Its core objective is safeguarding information confidentiality, integrity, and availability through security controls and regular audits. ISO 27001 certification assures stakeholders of effective security control implementation and sensitive data management. Implementing ISO 27001 is ideal for ensuring information security but can be cost-prohibitive due to the need for process improvements, role adaptations, and a lengthy implementation process. Smaller organizations, such as SMEs, often struggle to afford the associated expenses. Consequently, many organizations opt for practical yet incomplete information security solutions. However, adopting ISO 27001 can be a valuable tool for managing information security without incurring substantial costs. This research explores how organizations can utilize ISO 27001 as a strategic tool to enhance information security management without immediate full-scale implementation. This approach provides a stepping stone towards eventual ISO 27001 certification, allowing organizations to gradually improve their information security capabilities while managing costs effectively.

Original language	English
Title of host publication	Advances in Information and Communication - Proceedings of the 2024 Future of Information and Communication Conference FICC
Editors	Kohei Arai
Publisher	Springer Science and Business Media Deutschland GmbH
Pages	197-207
Number of pages	11
ISBN (Print)	9783031539626
DOIs	https://doi.org/10.1007/978-3-031-53963-3_14
State	Published - 2024
Event	Future of Information and Communication Conference, FICC 2024 - Berlin, Germany Duration: 4 Apr 2024 → 5 Apr 2024

Publication series

Name	Lecture Notes in Networks and Systems
Volume	920 LNNS
ISSN (Print)	2367-3370
ISSN (Electronic)	2367-3389

Conference

Conference	Future of Information and Communication Conference, FICC 2024
Country/Territory	Germany
City	Berlin
Period	4/04/24 → 5/04/24

Bibliographical note

Publisher Copyright:
© The Author(s), under exclusive license to Springer Nature Switzerland AG 2024.

Keywords

ISO 27001
Information security
SMEs

UN SDGs

This output contributes to the following UN Sustainable Development Goals (SDGs)

Access to Document

10.1007/978-3-031-53963-3_14

Cite this

Mera-Amores, F., & Roa, H. N. (2024). Enhancing Information Security Management in Small and Medium Enterprises (SMEs) Through ISO 27001 Compliance. In K. Arai (Ed.), Advances in Information and Communication - Proceedings of the 2024 Future of Information and Communication Conference FICC (pp. 197-207). (Lecture Notes in Networks and Systems; Vol. 920 LNNS). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-031-53963-3_14

Mera-Amores, Fabricio ; Roa, Henry N. / Enhancing Information Security Management in Small and Medium Enterprises (SMEs) Through ISO 27001 Compliance. Advances in Information and Communication - Proceedings of the 2024 Future of Information and Communication Conference FICC. editor / Kohei Arai. Springer Science and Business Media Deutschland GmbH, 2024. pp. 197-207 (Lecture Notes in Networks and Systems).

@inproceedings{01eea49074bf4c6fbbacf69ae09aedfd,

title = "Enhancing Information Security Management in Small and Medium Enterprises (SMEs) Through ISO 27001 Compliance",

abstract = "The ISO 27001 standard is a crucial framework for establishing Information Security Management Systems (ISMS) in organizations, irrespective of their size or sector. Its core objective is safeguarding information confidentiality, integrity, and availability through security controls and regular audits. ISO 27001 certification assures stakeholders of effective security control implementation and sensitive data management. Implementing ISO 27001 is ideal for ensuring information security but can be cost-prohibitive due to the need for process improvements, role adaptations, and a lengthy implementation process. Smaller organizations, such as SMEs, often struggle to afford the associated expenses. Consequently, many organizations opt for practical yet incomplete information security solutions. However, adopting ISO 27001 can be a valuable tool for managing information security without incurring substantial costs. This research explores how organizations can utilize ISO 27001 as a strategic tool to enhance information security management without immediate full-scale implementation. This approach provides a stepping stone towards eventual ISO 27001 certification, allowing organizations to gradually improve their information security capabilities while managing costs effectively.",

keywords = "ISO 27001, Information security, SMEs",

author = "Fabricio Mera-Amores and Roa, {Henry N.}",

note = "Publisher Copyright: {\textcopyright} The Author(s), under exclusive license to Springer Nature Switzerland AG 2024.; Future of Information and Communication Conference, FICC 2024 ; Conference date: 04-04-2024 Through 05-04-2024",

year = "2024",

doi = "10.1007/978-3-031-53963-3_14",

language = "English",

isbn = "9783031539626",

series = "Lecture Notes in Networks and Systems",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "197--207",

editor = "Kohei Arai",

booktitle = "Advances in Information and Communication - Proceedings of the 2024 Future of Information and Communication Conference FICC",

}

Mera-Amores, F & Roa, HN 2024, Enhancing Information Security Management in Small and Medium Enterprises (SMEs) Through ISO 27001 Compliance. in K Arai (ed.), Advances in Information and Communication - Proceedings of the 2024 Future of Information and Communication Conference FICC. Lecture Notes in Networks and Systems, vol. 920 LNNS, Springer Science and Business Media Deutschland GmbH, pp. 197-207, Future of Information and Communication Conference, FICC 2024, Berlin, Germany, 4/04/24. https://doi.org/10.1007/978-3-031-53963-3_14

Enhancing Information Security Management in Small and Medium Enterprises (SMEs) Through ISO 27001 Compliance. / Mera-Amores, Fabricio; Roa, Henry N.
Advances in Information and Communication - Proceedings of the 2024 Future of Information and Communication Conference FICC. ed. / Kohei Arai. Springer Science and Business Media Deutschland GmbH, 2024. p. 197-207 (Lecture Notes in Networks and Systems; Vol. 920 LNNS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Enhancing Information Security Management in Small and Medium Enterprises (SMEs) Through ISO 27001 Compliance

AU - Mera-Amores, Fabricio

AU - Roa, Henry N.

N1 - Publisher Copyright: © The Author(s), under exclusive license to Springer Nature Switzerland AG 2024.

PY - 2024

Y1 - 2024

N2 - The ISO 27001 standard is a crucial framework for establishing Information Security Management Systems (ISMS) in organizations, irrespective of their size or sector. Its core objective is safeguarding information confidentiality, integrity, and availability through security controls and regular audits. ISO 27001 certification assures stakeholders of effective security control implementation and sensitive data management. Implementing ISO 27001 is ideal for ensuring information security but can be cost-prohibitive due to the need for process improvements, role adaptations, and a lengthy implementation process. Smaller organizations, such as SMEs, often struggle to afford the associated expenses. Consequently, many organizations opt for practical yet incomplete information security solutions. However, adopting ISO 27001 can be a valuable tool for managing information security without incurring substantial costs. This research explores how organizations can utilize ISO 27001 as a strategic tool to enhance information security management without immediate full-scale implementation. This approach provides a stepping stone towards eventual ISO 27001 certification, allowing organizations to gradually improve their information security capabilities while managing costs effectively.

AB - The ISO 27001 standard is a crucial framework for establishing Information Security Management Systems (ISMS) in organizations, irrespective of their size or sector. Its core objective is safeguarding information confidentiality, integrity, and availability through security controls and regular audits. ISO 27001 certification assures stakeholders of effective security control implementation and sensitive data management. Implementing ISO 27001 is ideal for ensuring information security but can be cost-prohibitive due to the need for process improvements, role adaptations, and a lengthy implementation process. Smaller organizations, such as SMEs, often struggle to afford the associated expenses. Consequently, many organizations opt for practical yet incomplete information security solutions. However, adopting ISO 27001 can be a valuable tool for managing information security without incurring substantial costs. This research explores how organizations can utilize ISO 27001 as a strategic tool to enhance information security management without immediate full-scale implementation. This approach provides a stepping stone towards eventual ISO 27001 certification, allowing organizations to gradually improve their information security capabilities while managing costs effectively.

KW - ISO 27001

KW - Information security

KW - SMEs

UR - http://www.scopus.com/inward/record.url?scp=85189320397&partnerID=8YFLogxK

U2 - 10.1007/978-3-031-53963-3_14

DO - 10.1007/978-3-031-53963-3_14

M3 - Conference contribution

AN - SCOPUS:85189320397

SN - 9783031539626

T3 - Lecture Notes in Networks and Systems

SP - 197

EP - 207

BT - Advances in Information and Communication - Proceedings of the 2024 Future of Information and Communication Conference FICC

A2 - Arai, Kohei

PB - Springer Science and Business Media Deutschland GmbH

T2 - Future of Information and Communication Conference, FICC 2024

Y2 - 4 April 2024 through 5 April 2024

ER -

Mera-Amores F, Roa HN. Enhancing Information Security Management in Small and Medium Enterprises (SMEs) Through ISO 27001 Compliance. In Arai K, editor, Advances in Information and Communication - Proceedings of the 2024 Future of Information and Communication Conference FICC. Springer Science and Business Media Deutschland GmbH. 2024. p. 197-207. (Lecture Notes in Networks and Systems). doi: 10.1007/978-3-031-53963-3_14

Enhancing Information Security Management in Small and Medium Enterprises (SMEs) Through ISO 27001 Compliance

Abstract

Publication series

Conference

Bibliographical note

Keywords

UN SDGs

Access to Document

Other files and links

Cite this