TITLE:
The Challenge of Implementing Information Security Standards in Small and Medium e-Business Enterprises
AUTHORS:
Ja’far Alqatawna
KEYWORDS:
Information Security Standards, e-Business, Small and Medium Enterprises
JOURNAL NAME:
Journal of Software Engineering and Applications, Vol.7 No.10, September 24, 2014
ABSTRACT: The dynamic nature of online systems requires companies to be proactive in thwarting information security threats, and to follow a systematic way of managing and evaluating the security of their online services. The existence of security standards is an important factor that helps organisations to evaluate and manage security by providing guidelines and best practices that enable them to follow a standard and systematic way to protect their e-Business activities. However, the suitability of available information security standards for Small and Medium e-Business Enterprises (e-SME) is worth further investigation. In this paper, three major security standards, including Common Criteria, System Security Engineering-Capability and Maturity Model and ISO/IEC 27001, were analysed. Accordingly, several challenges associated with these standards that may render them difficult to implement in e-SME have been identified.