logo

RUNNING HEAD: EFFECTIVE INFORMATION SECURITY & RISK MANAGEMENT STRATEGY FOR SMALL & MEDIUM ENTERPRISES

   

Added on  2020-05-03

6 Pages1358 Words456 Views
RUNNING HEAD: EFFECTIVE INFORMATION SECURITY & RISK MANAGEMENT STRATEGY FOR SMALL & MEDIUM ENTERPRISES1EFFECTIVE INFORMATION SECURITY & RISK MANAGEMENT STRATEGY FORSMALL & MEDIUM ENTERPRISESStudent NameInstitute Name

EFFECTIVE INFORMATION SECURITY & RISK MANAGEMENT STRATEGY FOR SMALL & MEDIUM ENTERPRISES2ContentsIntroduction...........................................................................................................................................3Security Threats.....................................................................................................................................3Conclusion.............................................................................................................................................4Reference...............................................................................................................................................6

EFFECTIVE INFORMATION SECURITY & RISK MANAGEMENT STRATEGY FOR SMALL & MEDIUM ENTERPRISES3IntroductionCompanies of all kind of size are now most importantly dependent on IT and network for the functions of the business operations. Thus, all have a constant need to make sure that their system and information are protected in right manner against any kind of security breaches. But, there are so many evidences that suggests that security based practices are not upheld with strength within small as well as medium organization environments. The discussion alsopresents as a survey of security practices within such companies in countries like USA and Europe with specific attention on whether right attention is placed on issue associated with risk assessment (A. Harris and P. Patten, 2014). The study also reveals that small and medium enterprises are featured by lack of right attention on IT based security measures withassociated accountability and it is constantly unassigned or allocated to someone without right qualifications. Security ThreatsAt the time when company was facing new threats and vulnerabilities on a routine basis, the crucial step in setting the right security for the system is assessed properly that present risks to which it can be exposed. Without this, a company cannot ensure to have right kind of appreciation of the threats and vulnerabilities faced by its current assets and hence this will lead to the rise of the counter measures as well. A method to achieve is by conducting the proper kind of risk assessment which can be defined as a systematic as well as analytical procedure to focus on the likelihood that the present threat will further endanger an asset, people or operations and to recognize the work to decrease the overall risk as well as mitigatethe results of the attack (Johnson, 2014). Assessment of the risk can be divided into two separate procedure and the first process of risk analysis can be discussed as the assessment based on threats to influence on issues and vulnerabilities associated with data and information processed from facilities and the chances of the occurrences. It also involves steps like recognizing the assets that require to be protected and recognition of threats as well as vulnerabilities associated with the assets. With this, there is a need to focus on the risk management process as well which are important for the SMEs as they lack all the necessary resources which are related to the human capital, database and the specific knowledge patterns as well. Here, the structured risk

End of preview

Want to access all the pages? Upload your documents or become a member.

Related Documents
Assignment on Effective Information Security & Risk Management Strategy
|6
|1137
|95

ITC 595 - Information Security- Risk Management
|9
|2004
|47

Enterprise Information Security Risk Analysis
|4
|623
|221

Cloud Computing: Information Security, BCP, Resource Management, SLA Management
|20
|4947
|200

System Security Management
|6
|1504
|37

Cyber Risk And Insurance For Transportation Infrastructure
|18
|3040
|16