Information security management: factors that influence its adoption in small and mid-sized businesses

Authors

  • Abner da Silva Netto Universidade Municipal de São Caetano do Sul
  • Marco Antonio Pinheiro da Silveira Universidade Municipal de São Caetano do Sul

DOI:

https://doi.org/10.4301/S1807-17752007000300007

Keywords:

security information, ISO 27002, IT adoption, small and medium companies

Abstract

The objectives of this study were verify in what measure the small and medium companies accomplish the management security information and identify which factors influence the small and medium companies to adopt measures of management security information. The source research was exploratory-descriptive and the design used was the survey. The sample was compound of 43 metal production industries located in ABC region. According to management information security literature and Brazilian norm of information security were identified the tools or techniques of management security information and classified it into three layers: physic, logic and human. The study identified that the human layer is the one that presents the major shortage of cares in the companies followed by the logical one. The companies get used to have the antivirus as the main security tool/technique according to the researched companies to guarantee the safety of information. Besides that, the research showed that 59% of the companies have a safety satisfactory level and the main motivator factor to adopt the management security information is "to avoid possible financial loss". On the other hand, all the inhibitors factors showed important to the researched companies like: lack of knowledge, investments value, organization culture and difficulty to measure cost/benefit.

Downloads

Download data is not yet available.

Published

2007-01-01

How to Cite

Silva Netto, A. da, & Silveira, M. A. P. da. (2007). Information security management: factors that influence its adoption in small and mid-sized businesses . JISTEM - Journal of Information Systems and Technology Management (Online), 4(3), 375-397. https://doi.org/10.4301/S1807-17752007000300007

Issue

Section

nd1895518109