Abstract
The purpose of this article is to contribute scientifically to the thematic areas of organisational resilience and security risk management by providing a model of a flexible security management system that can be integrated with other management systems and be applied to the operational dimension of organisational resilience. To this end, the literature on security risk and operational resilience has been reviewed, as well as on security governance models based on enterprise security risk management and other international standards that allow integration with business processes. During the study, an incipient production of specific models that determine the maturity of different management systems was observed in the academic sphere, with a gap being detected in terms of security management system maturity models linked to organisational governance and enterprise risk management, which would facilitate their inclusion in the organisation's integrated management system in a practical way. It is concluded that the proposed model provides scientific support to practitioners, and, to a greater extent, to companies and other organisations irrespective of their size, sector of activity or location.