The Need for Information Security Management for Small to Medium Size Enterprises
The Need for Information Security Management for Small to Medium Size Enterprises
ICT 357 Information Security Management
Leong Yuan Zhang
31741147
Trimester 1
Murdoch University
Contents Abstract 2 Introduction 2 Justifying The Need for Sound Information Security in Any Organisation 2 Linking Business Objectives with Security 3 Incident Response Management and Disaster Recovery 4 Mobile Device Security Managment 5 Biometric Security Devices and Their Use 6 Ethical Issues in Information Security Management 7 Security Training and Education 7 Defending Against Internet-Based Attacks 8 Industrial Espionage and Business Intelligence Gathering 9 Personnel Issues in Information Security 9 Physical Security Issues in Information Security 10 Cyber Forensic Incident Response 10 Conclusion 11 References 11
Abstract
Small to Medium Size Enterprises (SMEs) contribute greatly to the economy in many countries despite the many challenges that they face. Lesser budgeting, resource planning and time management are just some of the limitations that they might encounter. Comparing this to a larger enterprise or government body, SMEs seems to have different approaches with regards to information security, sometimes understating the importance due to the constraint mentioned. This paper aims to study the issues relating to introduction and implementation of info security regimes in SMEs compared to larger organisations.
Introduction Small and medium enterprise are defined by the number of personnel working for the company, around the upper limit of 250 to the lower of 50. They usually lack resources, competencies and management to implement strategies externally and internally for their operations. This paper will focus on the implementation of information security regimes of SMEs and provide a comparison to large enterprises. The paper explores the multiple categories of information security, attempt to list the disadvantages faced by SMEs and how sometime
ICT 357 Information Security Management
Leong Yuan Zhang
31741147
Trimester 1
Murdoch University
Contents Abstract 2 Introduction 2 Justifying The Need for Sound Information Security in Any Organisation 2 Linking Business Objectives with Security 3 Incident Response Management and Disaster Recovery 4 Mobile Device Security Managment 5 Biometric Security Devices and Their Use 6 Ethical Issues in Information Security Management 7 Security Training and Education 7 Defending Against Internet-Based Attacks 8 Industrial Espionage and Business Intelligence Gathering 9 Personnel Issues in Information Security 9 Physical Security Issues in Information Security 10 Cyber Forensic Incident Response 10 Conclusion 11 References 11
Abstract
Small to Medium Size Enterprises (SMEs) contribute greatly to the economy in many countries despite the many challenges that they face. Lesser budgeting, resource planning and time management are just some of the limitations that they might encounter. Comparing this to a larger enterprise or government body, SMEs seems to have different approaches with regards to information security, sometimes understating the importance due to the constraint mentioned. This paper aims to study the issues relating to introduction and implementation of info security regimes in SMEs compared to larger organisations.
Introduction Small and medium enterprise are defined by the number of personnel working for the company, around the upper limit of 250 to the lower of 50. They usually lack resources, competencies and management to implement strategies externally and internally for their operations. This paper will focus on the implementation of information security regimes of SMEs and provide a comparison to large enterprises. The paper explores the multiple categories of information security, attempt to list the disadvantages faced by SMEs and how sometime
References: (n.d.). Retrieved March 10, 2013, from Symantec: http://securityresponse.symantec.com/avcenter/security/Content/security.articles/corp.security.policy.html ABS Anderson, R. J. (2001). Why Information Security is Hard - An Economic Perspective. in Proceedings of the Seventeenth Computer Security Applications Conference (pp. 358-365). IEEE Computer Society Press. BH Consulting. (2006). Incident Response White Paper. Dublin: BH Consulting. Blackwell, G. (2010, May 25). Disaster Recovery For Small Business. Retrieved March 13, 2013, from Small Business Computing: http://www.smallbusinesscomputing.com/biztools/article.php/10730_3884076_2/Disaster-Recovery-For-Small-Business.htm Crane, A Crist, J. (2007). Web Based Attacks. SANS Institute. Disaster Recovery. (n.d.). Disaster Recovery. Retrieved March 13, 2013, from Disaster Recovery: http://www.disasterrecovery.org/ Giannoulis, P., & Northcutt, S Goh, R. (2003). Information Security: The Importance of the Human Element. Singapore: Preston University. Good Technology. (2009). Mobile Device Security. Good Technology. Hight, S. D. (2005). The importance of a security, education, training and awareness program. Householder, A., Houle, K., & Dougherty, C Juhani Anttila. (2005, March). Retrieved March 13, 2013, from QualityIntegration: http://www.qualityintegration.biz/InformationSecurityManagement.html Kelly, L Klein, D. V. (1999). Defending against the wily surfer - Web based attacks and defense. California: The USENIX Association. Liu, S., & Silverman, M. (2001). A Practical Guide to Biometric. IT Pro. Miora, M. (2010). Business Continuity. Los Angeles, California, USA. Moshchuk, A. N. (2000). Understanding and Defending Against Web-borne Security Threats. Washington: University of Washington. Podszywalow, M. (2011, November 29). How to Detect and Stop Corporate Cyber Espionage. Retrieved March 13, 2013, from The Data Chain: http://www.thedatachain.com/articles/2011/11/how_to_detect_and_stop_corporate_cyber_espionage PricewaterhouseCooper Proctor, P. E., & Byrnes, F. C. (2002). The Secured Enterprise: Protecting Your Information Assets. New Jersey: Prentice Hall. Radding, A. (2012, January 04). Retrieved March 10, 2013, from Brainloop: http://www.brainloop.com/fileadmin/assets/PDFs/White_Papers/brainloop_white_paper_info_sec_options.pdf Relkin, J Souppaya, M., & Scarfone, K. (2012). Guidelines for Managing and Securing Mobile Devices in the Enterprise. National Institute of Standards and Technology. Tawileh, A., Hilton, J., & Stephen, M. (2007). Managing Information Security in Small and Medium Sized Enterprises: A Holistic Approach. Information Security Solutions Europe Conference, (p. 11). Warsaw. Tiwary, K. D. (2011). Security and ethical issues in it: An organisation perspective. International Journal of Enterprise Computing and Business . Zahorsky, D. (n.d.). About.com. Retrieved March 13, 2013, from Disaster Recovery Decision Making for Small Business: http://sbinformation.about.com/od/disastermanagement/a/disasterrecover.htm