The Need for Information Security Management for Small to Medium Size Enterprises

ICT 357 Information Security Management
Leong Yuan Zhang
31741147
Trimester 1
Murdoch University

Contents

Abstract
Introduction
Justifying The Need for Sound Information Security in Any Organisation
Linking Business Objectives with Security
Incident Response Management and Disaster Recovery
Mobile Device Security Management
Biometric Security Devices and Their Use
Ethical Issues in Information Security Management
Security Training and Education
Defending Against Internet-Based Attacks
Industrial Espionage and Business Intelligence Gathering
Personnel Issues in Information Security
Physical Security Issues in Information Security
Cyber Forensic Incident Response
Conclusion
References

Abstract

Small to Medium Size Enterprises (SMEs) contribute greatly to the economy in many countries despite the many challenges that they face. Limited budgeting, resource planning and time management are just some of the limitations that they might encounter. Compared with larger enterprises or government bodies, SMEs seem to take different approaches to information security, sometimes understating its importance because of the constraints mentioned. This paper aims to study the issues relating to the introduction and implementation of information security regimes in SMEs compared to larger organisations.

Introduction

Small and medium enterprises are defined by the number of personnel working for the company, from an upper limit of around 250 to a lower limit of 50. They usually lack the resources, competencies and management to implement strategies externally and internally for their operations. This paper will focus on the implementation of information security regimes in SMEs and provide a comparison to large enterprises. The paper explores the multiple categories of information security, attempts to list the disadvantages faced by SMEs and how sometime



