Strategic Decision Support For Information Protection: A Facilitation Framework For Small And Medium Enterprises

Information security seriously concerns Corporate America but the soaring cost on protecting information assets raises equal concerns. These concerns appear to be more threatening to the small and medium enterprises (SMEs) as the percentage of their IT budgets spent on information security protection sharply surpasses those percentages budgeted by large enterprises. In light of these concerns, we propose an integrated and attainable framework that could heuristically promote strategic decision thinking on protecting information assets for the SMEs.  In comparison to other approaches that aim at reaching an optimal decision through complex mathematical models, our framework requires no such computations. The goal of our approach is to help a SME reach such decisions with a framework that takes business, technological and managerial issues into account. The proposed framework fosters strategic thinking of security issues with simple and practical steps to achieve a balanced, consistent, and efficient protection with total involvement from all stakeholders of the information assets that need to be protected.