An Information Security Management System Model Based on ISO/IEC 27001:2022 for Mitigating Cyberattacks in Peruvian Fashion-Sector SMEs
摘要
The rise in cyberattacks targeting small and medium-sized enterprises (SMEs) highlights the urgent need for information security management models that are both effective and accessible. This study proposes an Information Security Management System (ISMS) model that harmonizes the ISO/IEC 27001:2022 standard with the NIST Cybersecurity Framework v1.1, specifically adapted to the context of SMEs in Peru’s fashion sector. A case study was conducted at Big Panda Clothing, applying key phases such as the assessment of the current security posture, asset identification and classification, risk analysis, development of security policies, and the implementation of continuous cybersecurity training. The validation of the proposed model projected an increase in the organization’s information security maturity level from 1.58 to 2.57, indicating meaningful improvements in cyber resilience and the protection of critical assets. The results suggest that the ISMS model provides a practical and replicable approach for SMEs, offering a sustainable strategy to address cybersecurity challenges in increasingly vulnerable digital environments.