The Challenge of Implementing Information Security Standards in Small and Medium e-Business Enterprises


The dynamic nature of online systems requires companies to be proactive with thwarting information security threats, and to follow a systematic way for managing and evaluating the security of their online services. The existence of security standards is an important factor that helps organisations to evaluate and manage security by providing guidelines and best practices that enable them to follow a standard and systematic way to protect their e-Business activities. However, the suitability of available information security standards for Small and Medium e-Business Enterprises (e-SME) is worth further investigation. In this paper three major security standards including Common Criteria, System Security Engineering-Capability and Maturity Model and ISO/IEC 27001 were analysed. Accordingly, several challenges associated with these standards that may render them difficult to be implemented in e-SME have been identified.

Share and Cite:

Alqatawna, J. (2014) The Challenge of Implementing Information Security Standards in Small and Medium e-Business Enterprises. Journal of Software Engineering and Applications, 7, 883-890. doi: 10.4236/jsea.2014.710079.

Conflicts of Interest

The authors declare no conflicts of interest.


[1] Awad, E.M. (2004) Electronic Commerce: From Vision to Fulfilment. 2nd Edition, Prentice Hall, Upper Saddle River.
[2] Smith, B., Chatfield, V. and Uemura, O. (2001) IBM RedBooks, iSeries e-Business Handbook, A Technology and Product Reference.
[3] Bakari, J. (2007) A Holistic Approach for Managing ICT Security in Non-Commercial Organisations. A Case Study in a Developing Country. PhD Thesis, Department of Computer and Systems Sciences, SU/KTH Sweden.
[4] Jennex, M. and Amoroso, D. (2004) e-Business and Technology Issues for Developing Economies: A Ukraine Case Study. The Electronic Journal on Information Systems in Developing Countries.
[5] Payne, J. (2007) e-Commerce Readiness for SMEs in Developing Countries: A Guide for Development Professionals. Academy for Educational Development/LearnLink.
[6] Hartono, E., Holsapple, C., Kim, K., Na, K. and Simpson, J. (2014) Measuring Perceived Security in B2C Electronic Commerce Website Usage: A Respecification and Validation. Decision Support Systems, 62, 11-21.
[7] Iglesias-Pradas, S., Pascual-Miguel, F., Hernández-García, A. and Chaparro-Peláez, G. (2013) Barriers and Drivers for Non-Shoppers in B2C e-Commerce: A Latent Class Exploratory Analysis. Computers in Human Behavior, 29, 314-322.
[8] Wymer, S. and Regan, E., (2005), Factors Influencing e-Commerce Adoption and Use by Small and Medium Businesses. Electronic Markets, 15, 438-453.
[9] (2007) Common Criteria: An Introduction.
[10] ISO Security Standards.
[11] Kajava, J., Anttila, J., Varonen, R., Sovola, R. and Roning, J. (2006) Information Security Standards and Global Business. IEEE International Conference on Industrial Technology, Mumbai, 15-17 December 2006, 2091-2095.
[12] Solms, B. (2001) Information Security: A Multidimensional Discipline. Computers & Security, 20, 504-508.
[13] Katsikas, S.K., Lopez, J. and Pernul, G. (2005) Trust, Privacy and Security in e-Business: Requirements and Solutions. Proceedings of the 10th Panhellenic Conference on Informatics (PCI’2005), Volos, 11-13 November 2005, 548-558.
[14] ISO/IEC 27001:2005 Information Technology, Security Techniques, Information Security Management Systems, Requirements.
[15] Solms, R. (1996) Information Security Management: The Second Generation. Computers & Security, 15, 281-288.
[16] (2003) Systems Security Engineering Capability Maturity Model?, SSE-CMM?, Model Description Document, Version 3.0.
[17] Zuccato, A. (2006) Holistic Security Management Framework Applied in Electronic Commerce. Computers & Security, 26, 256-265.
[18] Jackson, W. (2007) Under Attack: Common Criteria Has Loads of Critics, But Is It Getting a Bum Rap? Government Computing News.
[19] Davis, A. and Steven, A. (2005) How Security Can Be Measured, Copyright? 2005 Information Systems Audit and Control Association.
[20] Hopkinson, J. (1999) The Relationship between the SEE-CMM and IT Security Guidance Documentation. Copyright EWA-Canada Ltd., Ottawa.
[21] DTI Information Security Breaches Survey (2006) Technical Report. UK Department of Trade and Industry.
[22] Alqatawna, J., Siddiqi, J., Akhgar, B. and Btoush, M.H. (2009) e-Business Security: Methodological Considerations. International Journal of Business, Economics, Finance and Management Sciences, 1, 47-54.
[23] Alqatawna, J., Siddiqi, J., Akhgar, B. and Btoush, M. (2008) Towards Holistic Approaches to Secure e-Business: A Critical Review. Proceedings of EEE’08, 14-17 July 2008, Las Vegas, 245-251.
[24] Alqatawna, J., Siddiqi, J., Akhgar, B. and Btoush, M. (2008) A Holistic Framework for Secure e-Business. Proceedings of EEE’08, 14-17 July 2008, Las Vegas, 257-263.
[25] Alqatawna, J. (2010) Multi-Stakeholder Enquiry for Securing e-Business Environments: A Socio-Technical Security Framework. Sheffield Hallam University, Sheffield.

Copyright © 2023 by authors and Scientific Research Publishing Inc.

Creative Commons License

This work and the related PDF file are licensed under a Creative Commons Attribution 4.0 International License.