Design of information security solutions for small organizations

Modern business today requires integration of information technology into everyday activities. The COVID-19 pandemic has contributed significantly to the acceleration of the whole digitalization process. However, there is a fundamental problem with digitalization, particularly for small businesses without IT departments, where digital progress often comes at the expense of security. This reality is further amplified by the lack of standards, guidelines or other documents that are useful and easily accessible to small businesses, as highlighted by the ENISA agency. Therefore, the aim of the thesis was to propose a solution for information security of small businesses with up to 25 employees and without an IT department in the form of a manual containing requirements that represent the basic level of information security. Based on the analysis of external documents, standards, reports and company recommendations, a set of 96 requirements was compiled to ensure an increased level of security. The transformation of these requirements resulted in 147 selection criteria, which were used within a tool developed by the author to devise 40 suitable security services (SaaS)/local software tools. Subsequently, the minimum requirements were evaluated using a semi-structured interview with the auditor of BluePartners Inc., where the content of the manual achieved 86.41\% compliance in terms of assessing their suitability for the target companies. In the last part of the thesis, the level of compliance with the given requirements was assessed within three small companies, with an average result of 65\% compliance, confirming the original premise of an insufficient level of information security and therefore the need for the manual.