
Development of an Application-Based Framework for Information Security Management in SMEs

Authors
  • Diana Rusu

    (Faculty of Civil Engineering, Transilvania University of Brasov, 500036 Brasov, Romania)

  • Marius Mantulescu

    (Faculty of Civil Engineering, Transilvania University of Brasov, 500036 Brasov, Romania)

Abstract

In an increasingly interconnected and sustainability-driven digital landscape, effective risk management and robust information security practices are essential not only for protecting organizational assets but also for ensuring long-term operational resilience and regulatory compliance, especially for small and medium-sized enterprises (SMEs), which aim to grow but have limited resources. This paper presents the development of a practical framework and a supporting application—GestionAVR—for implementing an Information Security Management System (ISMS) that integrates structured risk management processes. The research presents some theoretical insights and practitioners’ input, with a focus on the needs of SMEs. The framework includes a predefined set of categorized risks across four key areas: organizational, personnel, physical, and technological. Designed for usability and adaptability, the GestionAVR application facilitates risk identification, prioritization, monitoring, and continuous improvement. Validated through a case study in the engineering sector, the solution proved to be effective in enhancing decision-making, reducing time spent on planning, and minimizing overlooked vulnerabilities. Future developments include integration of sustainability indicators aligning with recent updates to ISO 27001 standards, AI-based data analysis and automated reporting. This research offers a customizable and cost-effective tool that supports information security and sustainable organizational development.

Suggested Citation

  • Diana Rusu & Marius Mantulescu, 2025. "Development of an Application-Based Framework for Information Security Management in SMEs," Sustainability, MDPI, vol. 17(18), pages 1-22, September.
  • Handle: RePEc:gam:jsusta:v:17:y:2025:i:18:p:8314-:d:1750910

    Download full text from publisher

    File URL: https://www.mdpi.com/2071-1050/17/18/8314/pdf
    Download Restriction: no

    File URL: https://www.mdpi.com/2071-1050/17/18/8314/
    Download Restriction: no


    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Maciej Urbaniak & Dominik Zimon & Peter Madzik & Eva Šírová, 2022. "Risk factors in the assessment of suppliers," PLOS ONE, Public Library of Science, vol. 17(8), pages 1-21, August.
    2. Hasan MAKKAWI & Duha SAADEDIN, 2021. "Risk management in Palestine in the small insurance industry," Smart Cities International Conference (SCIC) Proceedings, Smart-EDU Hub, Faculty of Public Administration, National University of Political Studies & Public Administration, vol. 9, pages 527-532, November.
    3. Tatiana Yu. Kudryavtseva & Angi E. Skhvediani & Maiia S. Leukhina & Alexandra O. Schneider, 2023. "A Fuzzy Model for Personnel Risk Analysis: Case of Russian-Finnish Export-Import Operations of Small and Medium Enterprises," Journal of Applied Economic Research, Graduate School of Economics and Management, Ural Federal University, vol. 22(3), pages 683-709.
    4. Julia Riepl & Christine Mitter & Michael Kuttner, 2024. "Risk management during the COVID-19 crisis: insights from an exploratory case study of medium-sized family businesses," Journal of Management Control: Zeitschrift für Planung und Unternehmenssteuerung, Springer, vol. 35(1), pages 109-135, March.
    5. Jan Dvorsky & Ludmila Kozubikova & Aleksandr Kljucnikov & Eva Ivanova, 2022. "Owners vs. Managers. Disparities of Attitudes on the Business Risk in SME Segment," The AMFITEATRU ECONOMIC journal, Academy of Economic Studies - Bucharest, Romania, vol. 24(59), pages 174-174.
    6. Stavros Kalogiannidis & Stamatis Kontsas & Dimitrios Kalfas & Fotios Chatzitheodoridis, 2024. "Operational risk management in managerial accounting: a comprehensive examination of strategies and implementation in medium size organizations," Operational Research, Springer, vol. 24(3), pages 1-27, September.
    7. Lucian Ispas & Costel Mironeasa & Alessandro Silvestri, 2023. "Risk-Based Approach in the Implementation of Integrated Management Systems: A Systematic Literature Review," Sustainability, MDPI, vol. 15(13), pages 1-22, June.
    8. Edinam Agbemava & Thywill Cephas Dzogbewu & Dennis Yao Dzansi & Deon Johan de Beer & Olawale Fatoki, 2024. "3D printing firms in South Africa and their financial management practices How and to what extent does it enhance business performance?," International Journal of Business Ecosystem & Strategy (2687-2293), Bussecon International Academy, vol. 6(5), pages 146-157, October.
