A Methodology for Measuring Information Security Maturity in Norwegian and Indian MSME’s with special focus on people factor
Abstract
Information Security with focus on people factor has become a major focus area for all
sizes of organizations globally. Because people are those in these organizations who
maintain the technology, maintain the day-to-day security processes and influence the
security culture of their organizations. In this report, we present a methodology we
have developed for Measuring Information Security Maturity in Norwegian and Indian
MSME’s with special focus on people factor and presents the finding of the surveys.
The methodology supports the measuring process by defining the parameters for
diagnosis in phase 1 and analyzes information security maturity in phase 2 using the
three focus areas questionnaire developed, thus discovering strong and weak areas for
improving managing information security, security culture and awareness in MSME’s.
The major findings are presented with recommendations. Overall, the findings show
that Norwegian MSME’s Information Security Maturity Levels are high compared to
Indian MSME’s .