ISO/IEC 27001 Implementation in SMEs: Investigation on Management of Information Assets

Muthaiyah Saravanan¹, Zaw Thein Oak Kyaw²

¹Faculty of Management, Multimedia University, 63100, Cyberjaya, Selangor, Malaysia
²Faculty of Engineering, Multimedia University, 63100, Cyberjaya, Selangor, Malaysia

Published online on 2 February, 2019.

Abstract

Objective
The main purpose of this study was to generate knowledge and improve understanding amongst practitioners and academics. This paper examines the extent to which SMEs have put physical, policy and logical controls in place as preventive controls to curb security threats.

Analysis
Data was gathered through surveys; to obtain more reliable responses, questionnaires were distributed and collected personally by hand. ISMS provide a systematic approach to managing sensitive data in terms of maintaining its confidentiality, integrity and authentication.

Method
This study is based on both quantitative and qualitative test methods or measurements, which determine ISO/IEC 27001 practices amongst SMEs. The ISO/IEC 27000 family of standards provides clear guidelines to medium and large organizations on how to keep their information assets secure.

Findings
A total of 100 surveys were administered by hand across six enterprises that were equally represented by four sectors, i.e. Business Process Outsourcing (BPO), telecommunications, software and hardware vendors. Respondents were data handlers who had at least five years of working experience. All 100 responses were collected by hand, giving this study a response rate of 100%.

Result
Results reveal that 98% of the respondents agreed that ISMS has a significant relationship with recommended industry best practices. The majority of firms' ISMS initiatives are on a voluntary basis.

Keywords
ISO/IEC27001, Information assets, Confidentiality, Integrity, Authentication, Information Security Management Systems (ISMS).