Affiliation:
1. Polytechnic Higher Institute of Gaya, Portugal & LE@D Open University, Portugal
2. Polytechnic Higher Institute of Gaya, Portugal
3. Polytechnic Higher Institute of Gaya, Portugal & INESC TEC, Portugal
Abstract
Information security has become a necessity for all organizations. ITIL, designed for large organizations, has also been gradually adopted by smaller companies and has incorporated practices related to information security management (ISM). This study aims to understand the main risks associated with ISM, considering the context of micro companies. For this purpose, a qualitative model was built based on four case studies of micro companies in the information technology industry. The results show that companies are concerned about information security, given the growth of external threats. However, these companies have a lack of commitment, of resources, and of knowledge that hinder the implementation of an ISM policy. Therefore, it is evident that the challenge of ISM is demanding and should be addressed, considering that the security of an organization should be analyzed in a holistic context, where all perspectives should be considered to reflect the multidisciplinary nature of security.