InfoSecMan

A Method for Approaching and Implementing Information Security in Small and Medium Enterprises

The term SME (Small and Medium Enterprises) represents a broadly deployed type of company whose main feature is to have a reduced number of employees and moderate billings. These, joined to a lack of resources and poor knowledge on information security lead to an insufficient deployment and clear lack of maturity about security measures deployment into the organization.

This fact is yet more worrisome if we take into account that this kind of organizations includes more that 90% of all worldwide enterprises, and more than 99% of the enterprises within the European Union. Here arises the need for a methodology to scenarios like this in order to provide an alternative to cross the gap between total non-compliance and the methodological deployment of security management according to a standard as ISO 27001.

This is the reason for presenting IS2ME (Information Security to the Medium Enterprise) as an approach and solution for the deployment of information security in organizations whose security model is not mature enough, but wish to undertake security deployment and its associated management system in an efficient, effective, and practical way. Such a method reduces risk in the short term while setting up a framework to achieve the required standards.

IS2ME has been developed by Samuel Linares and Ignacio Paredes, Information Security consultants who have a wide professional career covering different aspects, both technical and management, on information security. Both of them are BS 7799 Lead Auditors from 2002 and have different certifications such as CEH, GSNA, GAWN, CCSA, CCSE, SCNA, SCSA or University Specialist in Data Protection. Among others, they are members of ISACA, ISSA, ISMS Forum Spain, SANS Institue Advisory Board and vocals of the ASIMELEC Security Commission.

More information can be obtained and a free copy of IS2ME can be dowonloaded from the oficial web: http://www.is2me.org