Publicação
Information Security and Cybersecurity Management: A Case Study with SMEs in Portugal
| datacite.subject.fos | Ciências Naturais::Ciências da Computação e da Informação | |
| datacite.subject.sdg | 08:Trabalho Digno e Crescimento Económico | |
| datacite.subject.sdg | 09:Indústria, Inovação e Infraestruturas | |
| datacite.subject.sdg | 10:Reduzir as Desigualdades | |
| dc.contributor.author | Antunes, Mário | |
| dc.contributor.author | Maximiano, Marisa | |
| dc.contributor.author | Gomes, Ricardo | |
| dc.contributor.author | Pinto, Daniel | |
| dc.date.accessioned | 2026-02-27T18:11:39Z | |
| dc.date.available | 2026-02-27T18:11:39Z | |
| dc.date.issued | 2021-04-08 | |
| dc.description | Pinto, Daniel - Scopus ID: 58809541800 (ex-docente) | |
| dc.description.abstract | Information security plays a key role in enterprises management, as it deals with the confidentiality, privacy, integrity, and availability of one of their most valuable resources: data and information. Small and Medium-sized enterprises (SME) are seen as a blind spot in information security and cybersecurity management, which is mainly due to their size, regional and familiar scope, and financial resources. This paper presents an information security and cybersecurity management project, in which a methodology based on the well-known ISO-27001:2013 standard was designed and implemented in fifty SMEs that were located in the center region of Portugal. The project was conducted by a business association located at the center of Portugal and mainly participated by SMEs. The Polytechnic of Leiria and an IT auditing/consulting team were the other two entities that participated on the project. The characterisation of the participating enterprises, the ISO-27001:2013 based methodology developed and implemented in SMEs, as well as the results obtained in this case study, are depicted and analysed in the paper. The attained results show a clear benefit to the audited and intervened SMEs, being mainly attested by the increasing of their information security management robustness and collaborators’ cyberawareness. | eng |
| dc.description.sponsorship | Funding: This project was funded by “POCI—Programa Operacional para a Competitividade e Internacionalização” grant number POCI-02-0853-FEDER-026352. This publication and the APC is funded by FCT—Fundação para a Ciência e Tecnologia, I.P., under the project UIDB/04524/2020. Acknowledgments: The authors acknowledge NERLEI business association project team by the support given along the implementation of the project. | |
| dc.identifier.citation | Antunes,M.;Maximiano,M.; Gomes, R.; Pinto, D. Information Security and Cybersecurity Management: A Case Study with SMEs in Portugal. J. Cybersecur. Priv. 2021, 1, 219–238. https://doi.org/ 10.3390/jcp1020012. | |
| dc.identifier.doi | 10.3390/jcp1020012 | |
| dc.identifier.eissn | 2624-800X | |
| dc.identifier.uri | http://hdl.handle.net/10400.8/15744 | |
| dc.language.iso | eng | |
| dc.peerreviewed | yes | |
| dc.publisher | MDPI | |
| dc.relation | Research Center in Informatics and Communications | |
| dc.relation.hasversion | https://www.mdpi.com/2624-800X/1/2/12 | |
| dc.relation.ispartof | Journal of Cybersecurity and Privacy | |
| dc.rights.uri | http://creativecommons.org/licenses/by/4.0/ | |
| dc.subject | information security | |
| dc.subject | cybersecurity | |
| dc.subject | small and medium-sized enterprises | |
| dc.subject | ISO-27001:2013 | |
| dc.subject | auditing | |
| dc.title | Information Security and Cybersecurity Management: A Case Study with SMEs in Portugal | eng |
| dc.type | journal article | |
| dspace.entity.type | Publication | |
| oaire.awardTitle | Research Center in Informatics and Communications | |
| oaire.awardURI | info:eu-repo/grantAgreement/FCT/6817 - DCRRNI ID/UIDB%2F04524%2F2020/PT | |
| oaire.citation.endPage | 238 | |
| oaire.citation.issue | 2 | |
| oaire.citation.startPage | 219 | |
| oaire.citation.title | Journal of Cybersecurity and Privacy | |
| oaire.citation.volume | 1 | |
| oaire.fundingStream | 6817 - DCRRNI ID | |
| oaire.version | http://purl.org/coar/version/c_970fb48d4fbd8a85 | |
| person.affiliation.name | CIIC / ESTG | |
| person.familyName | Antunes | |
| person.familyName | Maximiano | |
| person.familyName | Pereira Gomes | |
| person.givenName | Mário | |
| person.givenName | Marisa | |
| person.givenName | Ricardo Jorge | |
| person.identifier | R-000-NX4 | |
| person.identifier | urn:authenticus_id:R-002-SEG | |
| person.identifier.ciencia-id | AF10-7EDD-5153 | |
| person.identifier.ciencia-id | A919-B117-A16D | |
| person.identifier.ciencia-id | 2319-A0CE-6813 | |
| person.identifier.gsid | 6gzjmMkAAAAJ | |
| person.identifier.orcid | 0000-0003-3448-6726 | |
| person.identifier.orcid | 0000-0002-1212-7864 | |
| person.identifier.orcid | 0000-0002-0438-9119 | |
| person.identifier.rid | ADM-8923-2022 | |
| person.identifier.scopus-author-id | 25930820200 | |
| person.identifier.scopus-author-id | 26767664900 | |
| person.identifier.scopus-author-id | 57413754100 | |
| project.funder.identifier | http://doi.org/10.13039/501100001871 | |
| project.funder.name | Fundação para a Ciência e a Tecnologia | |
| relation.isAuthorOfPublication | e3e87fb0-d1d6-44c3-985d-920a5560f8c1 | |
| relation.isAuthorOfPublication | 18092229-fa61-402b-978c-56b8127d46e9 | |
| relation.isAuthorOfPublication | 21f92f87-2dd6-4d26-be3d-cd2b13a0e19a | |
| relation.isAuthorOfPublication.latestForDiscovery | e3e87fb0-d1d6-44c3-985d-920a5560f8c1 | |
| relation.isProjectOfPublication | 67435020-fe0d-4b46-be85-59ee3c6138c7 | |
| relation.isProjectOfPublication.latestForDiscovery | 67435020-fe0d-4b46-be85-59ee3c6138c7 |
Ficheiros
Principais
1 - 1 de 1
A carregar...
- Nome:
- Information Security and Cybersecurity Management A Case Study with SMEs in Portugal.pdf
- Tamanho:
- 1.26 MB
- Formato:
- Adobe Portable Document Format
- Descrição:
- Information security plays a key role in enterprises management, as it deals with the confidentiality, privacy, integrity, and availability of one of their most valuable resources: data and information. Small and Medium-sized enterprises (SME) are seen as a blind spot in information security and cybersecurity management, which is mainly due to their size, regional and familiar scope, and financial resources. This paper presents an information security and cybersecurity management project, in which a methodology based on the well-known ISO-27001:2013 standard was designed and implemented in fifty SMEs that were located in the center region of Portugal. The project was conducted by a business association located at the center of Portugal and mainly participated by SMEs. The Polytechnic of Leiria and an IT auditing/consulting team were the other two entities that participated on the project. The characterisation of the participating enterprises, the ISO-27001:2013 based methodology developed and implemented in SMEs, as well as the results obtained in this case study, are depicted and analysed in the paper. The attained results show a clear benefit to the audited and intervened SMEs, being mainly attested by the increasing of their information security management robustness and collaborators’ cyberawareness.
Licença
1 - 1 de 1
Miniatura indisponível
- Nome:
- license.txt
- Tamanho:
- 1.32 KB
- Formato:
- Item-specific license agreed upon to submission
- Descrição: