The Effect of Establishing Security System for SMEs in ICT on Improving Security Awareness and Preventing Security Incidents

Background/Objectives: This study aims to present the effect of the establishment of a security system of SMEs in ICT on enhancing security awareness and preventing security incidents. Methods/Statistical analysis: A research model was designed to analyze the effect of security system construction on security awareness and security incidents. Through theoretical literature survey, several variables of security training, security policy, and security infrastructure were derived for the security system. An empirical analysis was conducted using the structural equation, validity and reliability analysis with the collected 103 data for employees of SMEs in the ICT field through a questionnaire consisting of a 5-point Likert scale. Findings: The establishment of a security system through periodic corporate security training, security policy, and security infrastructure has a statistically significant impact on improving organizational security awareness and preventing security incidents. Security training has shown a higher impact on security infrastructure and security policy than on improving security awareness. This is found to have a substantially high impact on security awareness and security incident prevention because security training is already performed in ICT of SMEs, and the introduced security infrastructure is operated by applying security policies. Improvements/Applications: In order to improve the security awareness of SMEs in ICT, it is necessary to study various influential factors, such as the participation of management, and regulatory factors.