A research journey into maturing the business information security of mid market organizations
Faculty of Applied Economics
International journal of IT/business alignment and governance, p. 18-39
University of Antwerp
Most information security methodologies are aimed at large enterprise organizations with a top-down structure, while relatively smaller organizations have insufficient knowledge to adopt these methodologies. Most of the frameworks used by enterprises focus on high-level policy-making, and the overwhelming number of controls might suffocate practitioners in smaller organizations. This article examines the results of an exploratory study performed in the Netherlands in Q1 and Q2 of 2010. The study used expert panel research followed by a survey. The research found essential interventions to easily and effectively increase security maturity for mid market organizations. It also found barriers that keep mid market organizations from implementing these interventions. This paper provides a minimum core set of practices for organizations. It shows that mid market organizations struggle with implementing relevant interventions. This research contributes a new pragmatic approach that gives practitioners in mid market organizations more guidance on how to effectively establish the desired state of security maturity.