Effective IT Security for Small and Medium Enterprises
Surveys frequently indicate that a significant percentage of Small and MediumDimopoulos V, Furnell SM
Enterprises (SMEs) do not appropriately assess the threats to which their assets are
exposed, even though there are a number of potential methods that may be utilised. This
paper discusses the typical characteristics found within SMEs, such as the lack of security
awareness, time, funds and expertise, which are serving to impede and deter the adoption
of suitable security methods. The discussion proceeds to identify the requirements that a
security methodology needs to fulfil in order to be more applicable for these enterprises.
This leads to the proposal of a methodology that aims to eliminate the drawbacks of
existing solutions, by incorporating elements such as the use of Protection Profiles and
calculation of the Return on Investment offered by deploying security countermeasures.