Small and Medium Enterprises (SMEs) increasingly rely on information systems to support operational efficiency, customer management, and financial transactions. However, limited awareness and resources often cause SMEs to neglect information security governance, exposing them to data breaches and operational risks (ENISA, 2021). This study aims to evaluate the effectiveness of information security controls in a culinary SME using the ISO/IEC 27001 framework. A qualitative case study approach was employed, involving document analysis, interviews, and observation of information system practices within the organization (Yin, 2018). The audit results reveal several gaps in information security implementation, particularly in access control, risk assessment, and incident management. These findings indicate that although basic controls are in place, the SME has not yet aligned its practices with ISO/IEC 27001 requirements. This study contributes by providing a practical audit model for SMEs to improve information security governance in a cost-effective and structured manner (ISO, 2022).
Copyright © 2025