Practical Application of a Security Management Maturity Model for SMEs based on Predefined Schemas

For enterprises to be able to use information technologies and communications with guarantees, it is necessary to have an adequate security management system and tools which allow them to manage it. In small and medium-sized enterprises, the application of security standards has an additional problem, which is the fact that they do not have enough resources to carry out an appropriate management. This security management system must have highly reduced costs for its implementation and maintenance in small and medium-sized enterprises (from here on refered to as SMEs) to be feasible. In this paper we show the practical application of our proposal for a maturity model with which to manage the security in SMEs, centring upon the phase which determines the state of the enterprise and some of the mechanisms which allow the security level to be kept up to date without the need for continuous audits. This focus is continuously refined through its application to real cases, the results of which are shown in this paper.