Abstract

Information security is one of the key concerns of an enterprise or organization. To assure suitable management of information security, a number of information security management frameworks have been developed by various institutions and authors. Condensed information on information security management frameworks is very important to a small and medium enterprise, as this type of enterprise usually lacks resources for information security expertise and deep analysis. On the other hand, the information security management process and its frameworks are very complex and require a large number of different elements. At the moment the comparison is very shallow, as all properties of the comparison are treated as equally important. In real life, the importance of different criteria of an information security management framework and their suitability for a small and medium enterprise vary. Therefore we use the Analytic Hierarchy Process to construct a hierarchy of information security management framework quality and applicability in small and medium enterprises and define the weights for each of the criteria. The weighted criteria express the importance of each criterion, and the resulting final comparison of alternatives (five information security management frameworks) is more realistic (closer to expert opinion) than existing comparisons.

Highlights

  • Overarching digitalization is producing significant socio-cultural, economic and policy changes which create new opportunities, and challenges and concerns for people and communities (Salminen & Hossain, 2018)

  • For 1st level criteria, one weight is obtained, while for 2nd level criteria the local weight is known as well as the global weight, which is calculated as the product of the 1st level weight and the local weight

  • We reviewed several of the best-known or recently published information security management frameworks and their comparison techniques, and noticed that there are no clearly defined criteria or weights. This leads to a situation in which no clear direction for ISM framework development is known and, at the same time, an SME is not able to select the most suitable ISM framework without deep analysis and/or the use of an information security expert

Summary

Introduction

Overarching digitalization is producing significant socio-cultural, economic and policy changes which create new opportunities, and challenges and concerns for people and communities (Salminen & Hossain, 2018). At the same time use of information and The economics of information security became a thriving and fast-moving discipline a decade ago (Anderson & Moore, 2006) and currently provides valuable insights for security experts and for policymakers, business managers, economists and psychologists (Aminnezhad, Mahmod, & Abdullah, et al., 2016). Information security risk management is a top concern, as information security incidents damage an organization's reputation, disrupt operations and are costly; information assets are more valuable and more vulnerable than ever; breaches and vulnerabilities have made information security the chief information officers' top priority (McLaughlin & Gogan, 2018). It is mandatory to develop the cybersecurity culture of ICT systems for users who have limited information about cybersecurity risks and cyber defence solutions (Udroiu & Vevera, 2018).
