The information society is increasingly more dependent upon Information Security Management Systems (ISMSs), and the availability of these systems has become crucial to the evolution of Small and Medium-size Enterprises (SMEs). However, this type of companies requires ISMSs which have been adapted to their specific characteristics, and these systems must be optimized from the point of view of the resources necessary to deploy and maintain them. Over the last 10 years, the authors have obtained considerable experience in the establishment of ISMSs, and during this time, they have observed that the structure and characteristics of SMEs as regards security management are frequently very similar (since they can all be grouped by business size and sector), thus signifying that it is possible to construct patterns for ISMSs that can be reused and refined. In this chapter, the authors present the strategy that they have designed to manage and reuse security information in information system security management. This strategy is framed within a methodology designed for integral security management and its information systems maturity, denominated as “Methodology for Security Management and Maturity in Small and Medium-size Enterprises (MSM2-SME),” and it is defined in a reusable model called “Reusable Pattern for Security Management (RPSM),” which systematically defines, manages, and reuses the aforementioned methodology through a sub-process denominated as “Generation of Security Management Patterns (GSMP).” This model is currently being applied in real cases, and is thus constantly improving.
