Effective Information Assurance for SMEs |
Evidence suggests that SMEs are frequent victims of security incidents. Even though there are a number of solutions, ranging from baseline guidelines to a detailed Risk Assessment, these are often not employed due to constraints such as lack of budget and related skills. This paper proposes a method specifically tailored to SMEs lacking in-house security expertise. It can assist them in understanding the threats they face, while at the same time presenting appropriate information to enable management to evaluate their organisation’s current IT security situation and select appropriate countermeasures.
Dimopoulos V, Furnell SM, Clarke NL