A software gateway to affordable and effective Information Security Governance in SMMEs

It has been found that many small, medium and micro enterprises (SMMEs) do not comply with sound information security governance principles, specifically those principles involved in drafting information security policies and monitoring compliance, mainly as a result of restricted resources and expertise. Research suggests that this problem occurs worldwide and that the impact it has on SMMEs is great. In previous research an information security governance model was established to assist SMMEs in addressing information security governance issues and concerns. In order to provide SMMEs with a practical approach for applying this model, further research was conducted to establish a software program that demonstrates the model´s practical feasibility. The aim of this paper is to introduce this software program, called The Information Security Governance Toolbox (ISGT), by means of its various components, workings and benefits. Furthermore, a focus-group study´s evaluation results are offered that suggest that the program is useful to SMMEs in addressing their information security governance implementation challenges and offer value for industry.