Modelling adaptive information security for SMEs in a cluster

Abstract

Purpose This paper presents a method for adapting an Information Security Focus Area Maturity (ISFAM) model to the organizational characteristics (OCs) of a small- and medium-sized enterprise (SME) cluster. The purpose of this paper is to provide SMEs with a tailored maturity model enabling them to capture and improve their information security capabilities. Design/methodology/approach Design Science Research was followed to design and evaluate the method as a design artifact. Findings The method has successfully been used to adapt the ISFAM model to a group of SMEs within a regional cluster resulting in a model that is aligned with the OCs of the cluster. Areas for further investigation and improvements were identified. Research limitations/implications The study is based on applying the proposed method for the SMEs active in the transport, logistics and packaging sector in the Port of Rotterdam. Future research can focus on different sectors and regions. The method can be used for adapting other focus area maturity models. Practical implications The resulting adapted maturity model can facilitate the creation and further development of a base of common or shared knowledge in the cluster. The adapted maturity model can cut the cost of over implementation of information security capabilities for the SMEs with scarce resources. Originality/value The resulting adapted maturity model can facilitate the creation and further development of a base of common or shared knowledge in the cluster. The adapted maturity model can cut the cost of over implementation of information security capabilities for the SMEs with scarce resources.