TY - GEN
T1 - Mitigating Information Leakage in Tech-Sector SMEs
T2 - 11th International Conference on Information Management, ICIM 2025
AU - Quispe, Gabriel O.
AU - Zuloaga, Cesar K.
AU - Castañeda, Pedro S.
N1 - Publisher Copyright: © The Author(s), under exclusive license to Springer Nature Switzerland AG 2026.
PY - 2026
Y1 - 2026
N2 - This paper presents a model for implementing an Information Security Management System (ISMS) based on ISO 27001:2022 tailored to the needs of small and medium-sized enterprises (SMEs) in the technology sector in Lima Metropolitana. The model focuses on mitigating data leakage, a critical issue exacerbated by the increasing digitization of business operations. The proposed framework integrates controls from ISO 27001 aligned with NIST SP 800-53 to enhance information security practices. Results from applying the model to two technology SMEs indicate that one company (Company A) achieved a 94.44% Critical Control Implementation Index (IICC), a 70% Critical Vulnerability Resolution Rate (TRVC), and an 85% Policy Compliance Rate (TCPS), while the second company (Company B) achieved significantly lower rates of 50%, 40%, and 60%, respectively. These findings highlight both strengths in technological controls and weaknesses in organizational security management. This research contributes to the field by providing a practical, scalable approach for SMEs to enhance their information security posture, addressing both human and technological factors.
KW - Data Leakage
KW - ISO 27001:2022
KW - Information Security
KW - Information Security Management System (ISMS)
KW - NIST SP 800-53
KW - SMEs
UR - https://www.scopus.com/pages/publications/105015804194
U2 - 10.1007/978-3-031-99353-4_24
DO - 10.1007/978-3-031-99353-4_24
M3 - Conference contribution
AN - SCOPUS:105015804194
SN - 9783031993527
T3 - Communications in Computer and Information Science
SP - 273
EP - 285
BT - Information Management - 11th International Conference, ICIM 2025, Revised Selected Papers
A2 - Li, Shuliang
PB - Springer Science and Business Media Deutschland GmbH
Y2 - 28 March 2025 through 30 March 2025
ER -