Small and medium enterprises (aka SME) are a common target for cyber security threats and attacks just like any other organization. In addition they do not have a proper solution time, expertise and infrastructure to handle security challenge. This is mainly due to the lack of economy of scale in the market of cyber security products which were built for large organizations and consuming large amount of resources. One of the most important assets of an organization in general and for a SME in particular is information. Information is an important value, and must therefore be protected appropriately. Most information today is created, stored, transported, or processed in part using information technology (IT). IT security incidents such as the disclosure or manipulation of information can have wide-ranging, adverse effects to a business or can prevent the organization from performing its tasks, resulting in high costs. Adequate and appropriate level of security for IT systems can be achieved by obtaining security standards (i.e. International Organization for Standardization/International Electrotechnical Commission (ISO/IEC) 27001). However, the process of IT security certification involves many manual steps.
Today, numerous applications and services are available from different entities and can be deployed on computers in an organization. In other words, various entities including device vendors, network providers, and software vendors can effectively provide computer code and support the operation of computers (servers, terminal devices, etc.). As a result, providing a safe and manageable computer environment requires addressing numerous challenges, in particular for SME.