The Importance of the Security Culture in SMEs as Regards the Correct Management of the Security of Their Assets

Future Internet. 2016;8(3):30 DOI 10.3390/fi8030030


Journal Homepage

Journal Title: Future Internet

ISSN: 1999-5903 (Print)

Publisher: MDPI AG

LCC Subject Category: Technology: Technology (General): Industrial engineering. Management engineering: Information technology

Country of publisher: Switzerland

Language of fulltext: English

Full-text formats available: PDF, HTML



Antonio Santos-Olmo (Research and Development Department, Sicaman Nuevas Tecnologías, Tomelloso 13700, Spain)
Luis Enrique Sánchez (Research Group GSyA, University of Castilla-la Mancha, Ciudad Real 13700, Spain)
Ismael Caballero (Research Group Alarcos, University of Castilla-la Mancha (UCLM), Ciudad Real 13700, Spain)
Sara Camacho (Language department, Universidad Técnica de Ambato, Ambato 180150, Ecuador)
Eduardo Fernandez-Medina (Research Group GSyA, University of Castilla-la Mancha, Ciudad Real 13700, Spain)


Blind peer review

Editorial Board

Instructions for authors

Time From Submission to Publication: 11 weeks


Abstract | Full Text

The information society is increasingly more dependent on Information Security Management Systems (ISMSs), and the availability of these kinds of systems is now vital for the development of Small and Medium-Sized Enterprises (SMEs). However, these companies require ISMSs that have been adapted to their special features, and which are optimized as regards the resources needed to deploy and maintain them. This article shows how important the security culture within ISMSs is for SMEs, and how the concept of security culture has been introduced into a security management methodology (MARISMA is a Methodology for “Information Security Management System in SMEs” developed by the Sicaman Nuevas Tecnologías Company, Research Group GSyA and Alarcos of the University of Castilla-La Mancha.) for SMEs. This model is currently being directly applied to real cases, thus allowing a steady improvement to be made to its implementation.