Developing an agile, analytics-based information security maturity framework for Malaysian SMEs: a systematic literature review

In the age of technology, information security has become a critical component for small and medium enterprises (SMEs), which remain highly vulnerable to cyber risks. However, most Information Security Maturity Models (ISMMs) provide limited applicability to the SME context, particularly in Malaysia, due to resource constraints, complex systems, and organizational resistance to new methodologies. This study addresses this gap by conducting a narrative review that synthesizes 30 scholarly articles published between 2022 and 2025 across leading databases. The objectives of this study are to (i) classify existing ISMM models that are relevant to SMEs, (ii) assess the extent to which these models are suitable and easy to implement by SMEs, and (iii) explore the integration of agile development approaches and analytical technologies into security maturity models. The findings reveal the need for lighter and more flexible ISMM models that enable automated digital self-assessment. Accordingly, this article proposes a conceptual three- dimensional framework that integrates agility, SME suitability, and analytic functionalities as the foundation for a contextualized ISMM for SMEs in Malaysia.