The Need for Information Security Management for Small to Medium Size Enterprises
ICT 357 Information Security Management
Leong Yuan Zhang
Justifying The Need for Sound Information Security in Any Organisation
Linking Business Objectives with Security
Incident Response Management and Disaster Recovery
Mobile Device Security Management
Biometric Security Devices and Their Use
Ethical Issues in Information Security Management
Security Training and Education
Defending Against Internet-Based Attacks
Industrial Espionage and Business Intelligence Gathering
Personnel Issues in Information Security
Physical Security Issues in Information Security
Cyber Forensic Incident Response
Small to Medium Size Enterprises (SMEs) contribute greatly to the economy in many countries despite the many challenges that they face. Smaller budgets and limited resource planning and time management are just some of the limitations that they might encounter. Compared with larger enterprises or government bodies, SMEs seem to take different approaches to information security, sometimes understating its importance because of the constraints mentioned. This paper aims to study the issues relating to the introduction and implementation of information security regimes in SMEs compared to larger organisations.
Small and medium enterprises are defined by the number of personnel working for the company, from an upper limit of around 250 to a lower limit of 50. They usually lack the resources, competencies and management to implement strategies externally and internally for their operations. This paper will focus on the implementation of information security regimes in SMEs and provide a comparison with large enterprises. The paper explores the multiple categories of information security and attempts to list the disadvantages faced by SMEs, and how large enterprises are sometimes unable to match an SME in the capability to respond to security threats.
Justifying The Need for Sound Information Security in Any Organisation
The internet age has brought new challenges to the business world, and both SMEs and large organisations are continuously investing substantial resources to secure their presence on the internet. With increasingly virtualized business networks and an expanding corporate ecosystem, more information has been created in or converted into digital format. Digitalized information can be saved on different storage devices and transmitted over a plethora of interconnected networks, both internally and externally (Radding, 2012). Understandably, crime and security threats to information are becoming more commonplace as the reliance on the Internet in business activities increases. Threats such as hackers, business competitors or even foreign governments can employ a host of different methods to obtain information from any organisation (Symantec). Yet no effective business would totally isolate itself from using digitalized information to prevent such incidents; the competitiveness or success of these organisations is linked to the right information being delivered on time. At its worst, erroneous information may result in serious loss of potential earnings and damage to the organisation's "brand" (Juhani Anttila, 2005).
A significant element of information security is the cost and personnel expertise required for the design, development and implementation of an effective security system. Major investment is needed to build and maintain a reliable, trustworthy and responsive security system (Anderson, 2001). Most SMEs tend to have to operate under tight budgets, extremely limited manpower and many different needs competing for a limited supply of resources, which places information security low on the list of priorities (Tawileh, Hilton, & Stephen, 2007). Additionally, the lack of...