Mitigating Information Leakage in Tech-Sector SMEs: Implementing ISO 27001:2022 for Comprehensive Security

Gabriel O. Quispe; Cesar K. Zuloaga; Pedro S. Castañeda

doi:10.1007/978-3-031-99353-4_24

Mitigating Information Leakage in Tech-Sector SMEs: Implementing ISO 27001:2022 for Comprehensive Security

Gabriel O. Quispe, Cesar K. Zuloaga, Pedro S. Castañeda

Producción científica: Libro o Capítulo del libro › Contribución a la conferencia › revisión exhaustiva

Resumen

This paper presents a model for implementing an Information Security Management System (ISMS) based on ISO 27001:2022 tailored to the needs of small and medium-sized enterprises (SMEs) in the technology sector in Lima Metropolitana. The model focuses on mitigating data leakage, a critical issue exacerbated by the increasing digitization of business operations. The proposed framework integrates controls from ISO 27001 aligned with NIST SP 800-53 to enhance information security practices. Results from applying the model to two technology SMEs indicate that one company (Company A) achieved a 94.44% Critical Control Implementation Index (IICC), a 70% Critical Vulnerability Resolution Rate (TRVC), and an 85% Policy Compliance Rate (TCPS), while the second company (Company B) achieved significantly lower rates of 50%, 40%, and 60%, respectively. These findings highlight both strengths in technological controls and weaknesses in organizational security management. This research contributes to the field by providing a practical, scalable approach for SMEs to enhance their information security posture, addressing both human and technological factors.

Idioma original	Inglés estadounidense
Título de la publicación alojada	Information Management - 11th International Conference, ICIM 2025, Revised Selected Papers
Editores	Shuliang Li
Editorial	Springer Science and Business Media Deutschland GmbH
Páginas	273-285
-	13
ISBN (versión impresa)	9783031993527
DOI	https://doi.org/10.1007/978-3-031-99353-4_24
Estado	Indizado - 2026
Publicado de forma externa	Sí
Evento	11th International Conference on Information Management, ICIM 2025 - London, Reino Unido Duración: 28 mar. 2025 → 30 mar. 2025

Serie de la publicación

Nombre	Communications in Computer and Information Science
Volumen	2540 CCIS
ISSN (versión impresa)	1865-0929
ISSN (versión digital)	1865-0937

Conferencia

Conferencia	11th International Conference on Information Management, ICIM 2025
País/Territorio	Reino Unido
Ciudad	London
Período	28/03/25 → 30/03/25

Nota bibliográfica

Publisher Copyright:
© The Author(s), under exclusive license to Springer Nature Switzerland AG 2026.

Acceder al documento

10.1007/978-3-031-99353-4_24

Citar esto

Quispe, G. O., Zuloaga, C. K., & Castañeda, P. S. (2026). Mitigating Information Leakage in Tech-Sector SMEs: Implementing ISO 27001:2022 for Comprehensive Security. En S. Li (Ed.), Information Management - 11th International Conference, ICIM 2025, Revised Selected Papers (pp. 273-285). (Communications in Computer and Information Science; Vol. 2540 CCIS). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-031-99353-4_24

Quispe, Gabriel O. ; Zuloaga, Cesar K. ; Castañeda, Pedro S. / Mitigating Information Leakage in Tech-Sector SMEs : Implementing ISO 27001:2022 for Comprehensive Security. Information Management - 11th International Conference, ICIM 2025, Revised Selected Papers. editor / Shuliang Li. Springer Science and Business Media Deutschland GmbH, 2026. pp. 273-285 (Communications in Computer and Information Science).

@inproceedings{cd14f4e91ae44e1dbbad56644da75c1e,

title = "Mitigating Information Leakage in Tech-Sector SMEs: Implementing ISO 27001:2022 for Comprehensive Security",

abstract = "This paper presents a model for implementing an Information Security Management System (ISMS) based on ISO 27001:2022 tailored to the needs of small and medium-sized enterprises (SMEs) in the technology sector in Lima Metropolitana. The model focuses on mitigating data leakage, a critical issue exacerbated by the increasing digitization of business operations. The proposed framework integrates controls from ISO 27001 aligned with NIST SP 800-53 to enhance information security practices. Results from applying the model to two technology SMEs indicate that one company (Company A) achieved a 94.44\% Critical Control Implementation Index (IICC), a 70\% Critical Vulnerability Resolution Rate (TRVC), and an 85\% Policy Compliance Rate (TCPS), while the second company (Company B) achieved significantly lower rates of 50\%, 40\%, and 60\%, respectively. These findings highlight both strengths in technological controls and weaknesses in organizational security management. This research contributes to the field by providing a practical, scalable approach for SMEs to enhance their information security posture, addressing both human and technological factors.",

keywords = "Data Leakage, ISO 27001:2022, Information Security, Information Security Management System (ISMS), NIST SP 800-53, SMEs",

author = "Quispe, \{Gabriel O.\} and Zuloaga, \{Cesar K.\} and Casta{\~n}eda, \{Pedro S.\}",

note = "Publisher Copyright: {\textcopyright} The Author(s), under exclusive license to Springer Nature Switzerland AG 2026.; 11th International Conference on Information Management, ICIM 2025 ; Conference date: 28-03-2025 Through 30-03-2025",

year = "2026",

doi = "10.1007/978-3-031-99353-4\_24",

language = "American English",

isbn = "9783031993527",

series = "Communications in Computer and Information Science",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "273--285",

editor = "Shuliang Li",

booktitle = "Information Management - 11th International Conference, ICIM 2025, Revised Selected Papers",

address = "Germany",

}

Quispe, GO, Zuloaga, CK & Castañeda, PS 2026, Mitigating Information Leakage in Tech-Sector SMEs: Implementing ISO 27001:2022 for Comprehensive Security. En S Li (ed.), Information Management - 11th International Conference, ICIM 2025, Revised Selected Papers. Communications in Computer and Information Science, vol. 2540 CCIS, Springer Science and Business Media Deutschland GmbH, pp. 273-285, 11th International Conference on Information Management, ICIM 2025, London, Reino Unido, 28/03/25. https://doi.org/10.1007/978-3-031-99353-4_24

Mitigating Information Leakage in Tech-Sector SMEs: Implementing ISO 27001:2022 for Comprehensive Security. / Quispe, Gabriel O.; Zuloaga, Cesar K.; Castañeda, Pedro S.
Information Management - 11th International Conference, ICIM 2025, Revised Selected Papers. ed. / Shuliang Li. Springer Science and Business Media Deutschland GmbH, 2026. p. 273-285 (Communications in Computer and Information Science; Vol. 2540 CCIS).

Producción científica: Libro o Capítulo del libro › Contribución a la conferencia › revisión exhaustiva

TY - GEN

T1 - Mitigating Information Leakage in Tech-Sector SMEs

T2 - 11th International Conference on Information Management, ICIM 2025

AU - Quispe, Gabriel O.

AU - Zuloaga, Cesar K.

AU - Castañeda, Pedro S.

N1 - Publisher Copyright: © The Author(s), under exclusive license to Springer Nature Switzerland AG 2026.

PY - 2026

Y1 - 2026

N2 - This paper presents a model for implementing an Information Security Management System (ISMS) based on ISO 27001:2022 tailored to the needs of small and medium-sized enterprises (SMEs) in the technology sector in Lima Metropolitana. The model focuses on mitigating data leakage, a critical issue exacerbated by the increasing digitization of business operations. The proposed framework integrates controls from ISO 27001 aligned with NIST SP 800-53 to enhance information security practices. Results from applying the model to two technology SMEs indicate that one company (Company A) achieved a 94.44% Critical Control Implementation Index (IICC), a 70% Critical Vulnerability Resolution Rate (TRVC), and an 85% Policy Compliance Rate (TCPS), while the second company (Company B) achieved significantly lower rates of 50%, 40%, and 60%, respectively. These findings highlight both strengths in technological controls and weaknesses in organizational security management. This research contributes to the field by providing a practical, scalable approach for SMEs to enhance their information security posture, addressing both human and technological factors.

AB - This paper presents a model for implementing an Information Security Management System (ISMS) based on ISO 27001:2022 tailored to the needs of small and medium-sized enterprises (SMEs) in the technology sector in Lima Metropolitana. The model focuses on mitigating data leakage, a critical issue exacerbated by the increasing digitization of business operations. The proposed framework integrates controls from ISO 27001 aligned with NIST SP 800-53 to enhance information security practices. Results from applying the model to two technology SMEs indicate that one company (Company A) achieved a 94.44% Critical Control Implementation Index (IICC), a 70% Critical Vulnerability Resolution Rate (TRVC), and an 85% Policy Compliance Rate (TCPS), while the second company (Company B) achieved significantly lower rates of 50%, 40%, and 60%, respectively. These findings highlight both strengths in technological controls and weaknesses in organizational security management. This research contributes to the field by providing a practical, scalable approach for SMEs to enhance their information security posture, addressing both human and technological factors.

KW - Data Leakage

KW - ISO 27001:2022

KW - Information Security

KW - Information Security Management System (ISMS)

KW - NIST SP 800-53

KW - SMEs

UR - https://www.scopus.com/pages/publications/105015804194

U2 - 10.1007/978-3-031-99353-4_24

DO - 10.1007/978-3-031-99353-4_24

M3 - Conference contribution

AN - SCOPUS:105015804194

SN - 9783031993527

T3 - Communications in Computer and Information Science

SP - 273

EP - 285

BT - Information Management - 11th International Conference, ICIM 2025, Revised Selected Papers

A2 - Li, Shuliang

PB - Springer Science and Business Media Deutschland GmbH

Y2 - 28 March 2025 through 30 March 2025

ER -

Quispe GO, Zuloaga CK, Castañeda PS. Mitigating Information Leakage in Tech-Sector SMEs: Implementing ISO 27001:2022 for Comprehensive Security. En Li S, editor, Information Management - 11th International Conference, ICIM 2025, Revised Selected Papers. Springer Science and Business Media Deutschland GmbH. 2026. p. 273-285. (Communications in Computer and Information Science). doi: 10.1007/978-3-031-99353-4_24

Mitigating Information Leakage in Tech-Sector SMEs: Implementing ISO 27001:2022 for Comprehensive Security

Resumen

Serie de la publicación

Conferencia

Nota bibliográfica

Acceder al documento

Huella

Citar esto