Information Security Management for Small to Medium Size Enterprises

Question :

 

Research the topic of Information Security Management from quality sources and write a research essay. The Need for Information Security Management for Small to Medium Size Enterprises. Justifying the need for sound information security management in SMEs

 

Answer :

 

A small or medium-scale enterprise has a maximum of 250 employees and a minimum of 50. These enterprises are still in the growing phase and face resource and infrastructure constraints. The dearth of essential resources and infrastructure makes internal and external management difficult. Because these enterprises are vulnerable, information security management is essential. This report explores the implementation of information security in small and medium enterprises (SMEs), and the discussion reveals whether it differs in any way from the information security concepts in large enterprises.

This need is the same for all enterprises irrespective of their size, although the magnitude of the need may be different. This is the age of digital information. Virtual networks and cloud storage practices have layers of interconnection which increase the chance of a security breach from any point on the network (Symantec Corporation, 2003). While it is not possible to shield the business completely from all kinds of threats on digital platforms, it is necessary to prepare against potential security breaches because they can seriously impact the reputation of a business. The cost of installing a strong information security system is considerably high. Heavy investments are required to develop a reliable system. SMEs have strict budgets and resource constraints such as finance and human resources. Therefore, the planning and implementation of information security can take a backseat. This also happens due to a lack of awareness about the seriousness of threats and the consequences of such issues. As a result, there is a lack of proper security measures in SMEs as compared to large enterprises, but the need for security is prevalent.

Disaster recovery is the process of regaining control of and access to the business systems so that usual business functions can be resumed after the threat has been tackled. These two actions are specifically important for SMEs, as they cannot afford to waste any resources and the right action at the right time is crucial for the survival of the business. It is cost effective for an SME to manage all types of business incidents, whether security threats or natural disasters, under the umbrella of one management. The difference between SMEs and larger enterprises in this regard is that in larger enterprises both internal staff and third parties are involved (Gordas, 2014). It is unfortunate that due to the high cost many SMEs cannot afford an effective disaster recovery plan. But the scenario is changing: as cloud-based technologies are put to use, disaster recovery would be within the accessible financial limits of SMEs.

However, the strategies could be different. Mobile devices are easy targets due to the variety of software and features used, such as data syncing, Bluetooth and even removable storage options. In larger businesses a restrictive approach is used where the cameras of such devices can be disabled. However, for SMEs the appropriate approach would be to issue clear guidelines about the use of mobile devices at the workplace and a prohibition against attaching such devices to office equipment (NIST, 2013).

Technology-based computer security divided into departmental functions is a common practice in large enterprises. However, for both large enterprises and SMEs it is more beneficial to have a business-oriented security system so that the security goals of the business are met. One of the important steps in linking business strategies with security is to recruit, as security personnel, internal staff who already have fair and specialized knowledge about the business (Quinn, Souppaya, Cook, & Scarfone, 2018). This helps in protecting internal business information and also saves cost for small firms. Aligning the business objectives with the security requirements is also important to convince the enterprise management of the need to invest in security, which otherwise takes a backseat in an SME. A strategic approach would be required, which would be more significant for SMEs than larger enterprises because of the need to spread awareness. It should begin with the assessment of the company's security objectives and the capabilities of its resources. A security gap analysis is required, based on which security strategies are formulated. The strategies are then aligned with the business objectives and communicated to the management.

Businesses with a widespread presence on the web are susceptible to security breaches. Some common security attacks can come from viruses and malware. Hence organizations are required to secure those applications which can expose business data. To understand the defence mechanism it is important to understand the threats. A cyber attacker performs system scans to find security loopholes. The commonly exploited applications include RPC, remote networks and Windows File Sharing. The commonly used methods of exploitation are plugins, web browsers and unsecured ports. Among these, web browsers are the most vulnerable. The attacker can easily find out the commonly visited web portals or websites and plant malware without directly approaching the client's website.

Some traditional methods are the use of anti-virus software and an operating system firewall. Modern firewall systems are improvements on the traditional ones, as these work as applications which understand internet protocols. With the help of these tools the malicious nature of website traffic can be judged. IDS (Intrusion Detection Systems) and IPS (Intrusion Prevention Systems) are other tools which provide protection against cyber-attacks. Some IDS can directly instruct firewalls to block malicious sources. Choosing the appropriate method depends on the requirements of a business (Snedaker, 2013). For example, IDS is more suited for SMEs as they use readymade applications. This is because File Transfer Protocol and Hypertext Transfer Protocol are commonly used systems which can contain significant loopholes. Also, RFC standard compliance is a must for SMEs so that automated blockage of malware is possible. On the other hand, large enterprises have enough resources to develop their own programs and applications or use third-party software which is well secured. Therefore, in large businesses RFC compliance.
