The Proceedings of the Conference on Information Systems Applied Research 2008: §1533
Thu, Nov 6, 1:30 - 1:55, Pueblo C Paper (refereed)
Recommended Citation: Kluge, D and S E Sambasivam. Formal Information Security Standards in German Medium Enterprises. In The Proceedings of the Conference on Information Systems Applied Research 2008, v 1 (Phoenix): §1533. ISSN: 0000-0000.
Formal Information Security Standards in German Medium Enterprises
During the last ten years, formal information security standards have gained importance. They can help in several ways to achieve security of business information systems. One of these is the provision of comprehensive collections of evaluation criteria and security measures. Such collections can form the basis of a holistic security strategy, in that they can serve as the basis for security policies and auditing schemes. Large enterprises appear to have defined security strategies and written security policies as a matter of course, and in most cases it can be anticipated that formal standards have been their origin. For firms in the medium-size sector, this is less often the case. This paper deals with the acceptance of formal standards among medium enterprises. We analyze their suitability with respect to company size and discuss typical challenges to their implementation.
Keywords: Information Security, Medium Enterprises, Formal Standards, ISO 27001, Suitability
Read this refereed paper in Adobe Portable Document (PDF) format. (12 pages, 724 K bytes)
Preview this refereed paper in Plain Text (TXT) format. (41 K bytes)