As companies' core technologies are integrated with IT to computerize, they are leaked out at ease. In addition, means of technology leakage are changed from technical leakage to personal one by people. This technology leakage has led to the increase in the estimate and frequency of damages to companies year after year. To exploit core technologies owned by companies to ensure sustainable growth, it should make effort to improve security levels from various perspectives at the same time. Therefore, this paper designed a model to measure security levels of small and medium business and a human centric security policy. In detail, it measured the security status and level of small and medium business by designing a conceptual system for measuring security levels and analyzing empirically. In addition, it analyzed results of measuring the levels in depth to design a human centric security policy for enhancing the security level of companies. Copyright © 2013 John Wiley & Sons, Ltd.