ENISA has conducted some work in developing simplified security approaches for SMEs.
In a series of projects, we have created simple yet comprehensive guidance for some important elements of information security management, namely a risk management approach and a business continuity approach for organisations with a rather standardised IT infrastructure. The proposed approaches are crafted to conceal complexity without sacrificing the completeness or correctness of the assessments performed.
Based on those approaches, ENISA has performed three pilot projects to check their applicability. Moreover, based on the work of an ENISA ad-hoc working group on risk management, a small Excel tool has been developed that allows both novice and expert users to identify complexity and risk management requirements of their professional activities.