论文信息 - On Information Security Guidelines for Small/Medium Enterprises

On Information Security Guidelines for Small/Medium Enterprises

The adoption rate of Internet-based technologies by United Kingdom (UK) Small and Medium Enterprises (SMEs) is regularly surveyed by the Department of Trade and Industry (DTI). Over several decades information security has evolved from early work such as the Bell La Padula (BLP) model toward widely disseminated Information Security Guidelines containing comprehensive and detailed advice. The overwhelming volume and level-of-detail provided often fails to address the information security requirements of SMEs. SMEs typically fail to implement effective Internet strategies due to lack of information security awareness, lack of technical skills and inadequate financial resources. Awareness of information security issues among SMEs is poor. The European Union supported ISA-EUNET Consortium has developed a set of best practices to support SMEs. We present a sample mapping of the Computer Security Expert Assist Team (CSEAT) Information Security Review Areas onto the Alliance for Electronic Business (AEB) web security guidelines as an example of a possible roadmap approach for SMEs to gain information security awareness.

Leonid Smalov | David Chapman

[1] Marianne Swanson,et al. Guide for Developing Security Plans for Information Technology Systems , 1998 .

[2] Walter Skok,et al. Roadmap for successful information technology transfer for small businesses , 2000, SIGCPR '00.

[3] Gary Stoneburner,et al. SP 800-30. Risk Management Guide for Information Technology Systems , 2002 .

[4] K. J. Bma. Integrity considerations for secure computer systems , 1977 .

[5] Mikko T. Siponen,et al. Designing secure information systems and software:critical evaluation of the existing approaches and a new paradigm , 2002 .

[6] 尚弘島影. National Institute of Standards and Technologyにおける超伝導研究及び生活 , 2001 .

[7] Diomidis Spinellis,et al. Security requirements, risks and recommendations for small enterprise and home-office environments , 1999, Inf. Manag. Comput. Secur..

[8] Marianne Swanson,et al. SP 800-14. Generally Accepted Principles and Practices for Securing Information Technology Systems , 1996 .

[9] Diomidis Spinellis,et al. Best Practice Dissemination : The ISA-EUNET Approach , 1999 .

[10] Marianne Swanson,et al. Security Self-Assessment Guide for Information Technology Systems , 2001 .

[11] Charles C. Wood,et al. Information Security Policies Made Easy , 1994 .

[12] David A. Bell,et al. Secure computer systems: mathematical foundations and model , 1973 .