Information security management in SMEs: factors of success

Abstract

While the consecutive metamorphoses in the world economy changes the paradigm of doing business, the sources of success of almost every type of business transfer from tangible to intangible assets, and the information and its value becomes more and more significant, especially in the segment of small and medium sized enterprises. The aim of this paper was to identify the factors of success of information security management in segment of SMEs in Slovakia. Based on the literature research we identified 4 main factors of success of information security management, including the Compliance of information security management with the company's business activities, Support of top management, Security controls and Organizational awareness. To identify the importance and interconnections of the specified factors we have addressed senior IT security experts from SMEs in Slovakia. The experts evaluated the significance and relationships the factors of success of information security management and the results of the expert evaluation were processed using the DEMATEL technique. The results of the research show that the Security Controls and Supportive top management are the most important factors in general, while the factor of organizational awareness is the most obvious and important in the short-term period. Our results imply that SMEs should promote organizational awareness in information security management in line with implementation of the security controls at the first line of the defense.