Document Type


Publication Date



Information Security. Small and Medium Business. Information Security Model. Information Security Standards


The adoption of information security model, implementation of policies and fitness for any information security standard is rare for Small and Medium Enterprises (SMEs) because, often, the complexity of the rules. As these organizations contribute to much of the national economy, being the largest employers in Brazil, it was necessary to research ways to try to fill the gap. For this purpose the present study analyzed with real sample of 48 SMEs, through a questionnaire, which the vision of information security for SMEs and proposed a model simplifying controls 133 of ISO / IEC 27002 for just 22. This simplified model was , later also validated via questionnaire with ICT professionals in SMEs.


This paper is in Portuguese (Proposta de Modelo de Segurança Simplificado para Pequenas e Médias Empresas)