A Methodology for Measuring Information Security Maturity in Norwegian and Indian MSME’s with special focus on people factor

Abstract

Information Security with focus on people factor has become a major focus area for all sizes of organizations globally. Because people are those in these organizations who maintain the technology, maintain the day-to-day security processes and influence the security culture of their organizations. In this report, we present a methodology we have developed for Measuring Information Security Maturity in Norwegian and Indian MSME’s with special focus on people factor and presents the finding of the surveys. The methodology supports the measuring process by defining the parameters for diagnosis in phase 1 and analyzes information security maturity in phase 2 using the three focus areas questionnaire developed, thus discovering strong and weak areas for improving managing information security, security culture and awareness in MSME’s. The major findings are presented with recommendations. Overall, the findings show that Norwegian MSME’s Information Security Maturity Levels are high compared to Indian MSME’s .