Information security is increasingly important in today's world, but 90% of security incidents occur in small and medium sized businesses due to a lack of investment in information security. To help this situation, this study proposes a information security management system Available to SMEs. We hope that it can be used as a guide to help SMEs in their information protection activities.
To this end, we first examined the current state of information protection in SMEs and compared and analysed national and international information protection certification systems to determine their similarities. We derived 34 items by mapping cloud security certification Low Impact Level and ISMS. modified them based on previous studies and surveys. After dividing them into administrative and technical areas, the survey was used to derive the importance of the second layer and the difficulty of performing the third layer for SMEs.
This thesis Contribute to propose an information security management system of Available levels to SMEs. and to Enhance on information protection in SMEs. for further study, we need to have the expertes to evaluation Improve ISMS also we must do an in-depth survey of actual ISMS judges & practitioners who have experted on implemented of ISMS to derive & evaluate proper items.