Små företags hantering av IT- och informationssäkerhet : En intervjustudie med små företag inom handel

Sammanfattning: The increased use of IT in our daily lives comes hand-in-hand with the increase of maliciousthreats and attacks against these technologies. Large businesses usually have the ability toinvest large resources in IT and/or security, keeping their businesses more resilient to threatsand attacks. Usually this is something small businesses can’t afford to spend resources on.So, what do small businesses actually do when it comes to IT and information security?By interviewing small businesses in retail this study aims to answer this question.The interview questions were based on the ISO standards for information securitymanagement systems. A general inductive approach was used to analyze the answers togetherwith a theoretical deep dive into the CIA-triad with the help of the ISO standards. The studyconcludes that small businesses in retail don't prioritize IT and information security and adiscussion is made as to why.