| Abstract: | Companies and other organizations should not underestimate the severity of threats to their information. Small companies and organizations expose themselves to risk in believing that their data are not of interest to cybercriminals. Information security is not just a technical issue, given that technology interventions alone will not provide adequate solutions to the information security needs and challenges of organizations. Because of this, organizations should approach information security in a systematic way. Organizations should implement interventions that supplement technical interventions and provide a systemic plan of action to protect themselves against threats to information security. This article provides an overview of these types of interventions that have been established in the literature. |
