Information Security Models are a Solution or Puzzle for SMEs? A Systematic Literature Review

Effective information security management is necessary in the success of any organisation, including Small-and-Medium-Sized Enterprises (SMEs). Nonetheless, keeping their security needs met is always a challenge for SMEs. One of the proven ways to manage information security is through applying available international standards, frameworks and best practices. However, choosing a suitable model that addresses the SMEs holistic needs may be an overwhelming task. This systematic literature review formed the initial phase of a larger analytical project of existing models in three categories: risk management models, standards-based models and ‘other’ models. The review showed that most of models are theoretically conceived but have not been further tested empirically. Hence, their usability is unknown. More in-depth research is required to find a suitable model that may be applicable to all SMEs

A Framework for Information Security Management in Capital Markets

Obtaining financial data is attractiveto criminals. A recentincreaseincybersecurity threats in the financial sectorhasseen capital marketstargeted. With the rapid development in information technology, information security is a growing concernforthe financial services industryin general, and keeping capital market operations efficient, expeditious, and reliable are some of itshighestpriorities. This paperformspart of a largerprojectwhichinvestigatedthe technical, behavioural, managerial, philosophical and organisational aspects of information security. Althoughnot yet applied to real-world data, this paperoutlines the methodological and theoretical foundation of a proposedframework to improveinformation security and risk managementpractices. The application of such aframeworkmay contribute to improvedmanagement ofinformation security in the capital markets sector