Information security has become a necessity for all organizations. ITIL, designed for large organizations, has also been gradually adopted by smaller companies and has incorporated practices related to information security management (ISM). This study aims to understand the main risks associated with ISM, considering the context of micro companies. For this purpose, a qualitative model was built based on four case studies of micro companies in the information technology industry. The results show that companies are concerned about information security, given the growth of external threats. However, these companies have a lack of commitment, of resources, and of knowledge that hinder the implementation of an ISM policy. Therefore, it is evident that the challenge of ISM is demanding and should be addressed, considering that the security of an organization should be analyzed in a holistic context, where all perspectives should be considered to reflect the multidisciplinary nature of security.
Information security has become a necessity for all organizations. ITIL, designed for large organizations, has also been gradually adopted by smaller companies and has incorporated practices related to information security management (ISM). This study aims to understand the main risks associated with ISM, considering the context of micro companies. For this purpose, a qualitative model was built based on four case studies of micro companies in the information technology industry. The results show that companies are concerned about information security, given the growth of external threats. However, these companies have a lack of commitment, of resources, and of knowledge that hinder the implementation of an ISM policy. Therefore, it is evident that the challenge of ISM is demanding and should be addressed, considering that the security of an organization should be analyzed in a holistic context, where all perspectives should be considered to reflect the multidisciplinary nature of security.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.