Enhancing Information Security Management in Small and Medium Enterprises (SMEs) Through ISO 27001 Compliance

Fabricio Mera-Amores, Henry N. Roa

Producción científica: Capítulo del libro/informe/acta de congresoContribución de conferenciarevisión exhaustiva


The ISO 27001 standard is a crucial framework for establishing Information Security Management Systems (ISMS) in organizations, irrespective of their size or sector. Its core objective is safeguarding information confidentiality, integrity, and availability through security controls and regular audits. ISO 27001 certification assures stakeholders of effective security control implementation and sensitive data management. Implementing ISO 27001 is ideal for ensuring information security but can be cost-prohibitive due to the need for process improvements, role adaptations, and a lengthy implementation process. Smaller organizations, such as SMEs, often struggle to afford the associated expenses. Consequently, many organizations opt for practical yet incomplete information security solutions. However, adopting ISO 27001 can be a valuable tool for managing information security without incurring substantial costs. This research explores how organizations can utilize ISO 27001 as a strategic tool to enhance information security management without immediate full-scale implementation. This approach provides a stepping stone towards eventual ISO 27001 certification, allowing organizations to gradually improve their information security capabilities while managing costs effectively.

Idioma originalInglés
Título de la publicación alojadaAdvances in Information and Communication - Proceedings of the 2024 Future of Information and Communication Conference FICC
EditoresKohei Arai
EditorialSpringer Science and Business Media Deutschland GmbH
Número de páginas11
ISBN (versión impresa)9783031539626
EstadoPublicada - 2024
EventoFuture of Information and Communication Conference, FICC 2024 - Berlin, Alemania
Duración: 4 abr. 20245 abr. 2024

Serie de la publicación

NombreLecture Notes in Networks and Systems
Volumen920 LNNS
ISSN (versión impresa)2367-3370
ISSN (versión digital)2367-3389


ConferenciaFuture of Information and Communication Conference, FICC 2024

Nota bibliográfica

Publisher Copyright:
© The Author(s), under exclusive license to Springer Nature Switzerland AG 2024.

Citar esto