Modelling adaptive information security for SMEs in a cluster

摘要

Purpose This paper presents a method for adapting an Information Security Focus Area Maturity (ISFAM) model to the organizational characteristics (OCs) of a small- and medium-sized enterprise (SME) cluster. The purpose of this paper is to provide SMEs with a tailored maturity model enabling them to capture and improve their information security capabilities. Design/methodology/approach Design Science Research was followed to design and evaluate the method as a design artifact. Findings The method has successfully been used to adapt the ISFAM model to a group of SMEs within a regional cluster resulting in a model that is aligned with the OCs of the cluster. Areas for further investigation and improvements were identified.