Management of Information Technology in Small and Medium Scale Firms
Added on 2022-11-13
33 Pages6309 Words75 Views
Running head: MANAGEMENT OF INFORMATION TECHNOLOGY 1
Management of Information Technology
Author Name(s), First M. Last, Omit Titles and Degrees
Institutional Affiliation(s)
Author Note
Include any grant/funding information and a complete correspondence address.
Management of Information Technology
Author Name(s), First M. Last, Omit Titles and Degrees
Institutional Affiliation(s)
Author Note
Include any grant/funding information and a complete correspondence address.
Running head: MANAGEMENT OF INFORMATION TECHNOLOGY 2
Abstract
Purpose- The main objective for this research was to gather as much information as possible
about the IT security management issues that arise in smallest and medium scale firms both in
the service and manufacturing sector.
Methodology- The focus of the research was geared towards the SMEs. Much research has been
done within the large corporation but less attention has been devoted to the SMEs. This research
was done by sending emailing containing the questionnaire to 150 SMEs owners around Kuala
Lumpur to get their valid responses.
Findings-The result of this research shows that although the SMEs have established information
security procedures, practices and policies in place in their work environments to counter the
emerging security threats in workplaces. It is however noted that there is serious issues with
respect to the effectiveness of these measures.
Value- The data collected in this research shall be vital for SMEs in executing their plans,
training and general exploitation of IT to fully benefit from it.
Keyword- Small scale firms, medium scale firms, information technology, information systems,
information security.
Paper type-Research paper
Abstract
Purpose- The main objective for this research was to gather as much information as possible
about the IT security management issues that arise in smallest and medium scale firms both in
the service and manufacturing sector.
Methodology- The focus of the research was geared towards the SMEs. Much research has been
done within the large corporation but less attention has been devoted to the SMEs. This research
was done by sending emailing containing the questionnaire to 150 SMEs owners around Kuala
Lumpur to get their valid responses.
Findings-The result of this research shows that although the SMEs have established information
security procedures, practices and policies in place in their work environments to counter the
emerging security threats in workplaces. It is however noted that there is serious issues with
respect to the effectiveness of these measures.
Value- The data collected in this research shall be vital for SMEs in executing their plans,
training and general exploitation of IT to fully benefit from it.
Keyword- Small scale firms, medium scale firms, information technology, information systems,
information security.
Paper type-Research paper
Running head: MANAGEMENT OF INFORMATION TECHNOLOGY 3
Introduction
Growth in PC revolution and increasing penetration of the Internet have enabled the
SMEs take most of their operation in the cloud These online transactions increased threat posed
by cybercriminal and insider threats in modern SMEs workspace. All it takes to breach the SMEs
information resources is a disgruntled employee, a hacker, overzealous competitors, a thief to use
computer systems to break into the SMEs business information resource. The attacker has
different motives depending on what they want to achieve after the attack. Some methods used
by this type of people involves erasing the customer database, incorporating a virus into the
business operation network, sending Trojan horses, stealing the personal files and the search for
current credit number associated with the business, employees or customers. All these types of
attacks are hazardous and can potentially cripple the SME.
The penetration of IT and IS into normal work procedures for the SMEs has been so
diverse that a normal SMEs cannot operate without the IT and IS elements working normally.
This is closely linked to the growth of e-commerce and e-business which continue to expose the
SMEs to cyber attacks
It is common knowledge that the SMEs are known to be more vulnerable to the cyber
attack simply because they have inadequate financial resources and the human resources to
develop and maintain a comprehensive information security system. Lack of proper policies and
procedures within the SMEs makes the business particularly more susceptible to insider jobs
who have some authenticated access to the business computer systems. The next section of this
paper provides literature review of some documented information security threats that have been
witnessed within the SMEs realm in the global scale then narrowly focusing on Malaysia. More
specifically, the literature review part of this paper has provided some important
Introduction
Growth in PC revolution and increasing penetration of the Internet have enabled the
SMEs take most of their operation in the cloud These online transactions increased threat posed
by cybercriminal and insider threats in modern SMEs workspace. All it takes to breach the SMEs
information resources is a disgruntled employee, a hacker, overzealous competitors, a thief to use
computer systems to break into the SMEs business information resource. The attacker has
different motives depending on what they want to achieve after the attack. Some methods used
by this type of people involves erasing the customer database, incorporating a virus into the
business operation network, sending Trojan horses, stealing the personal files and the search for
current credit number associated with the business, employees or customers. All these types of
attacks are hazardous and can potentially cripple the SME.
The penetration of IT and IS into normal work procedures for the SMEs has been so
diverse that a normal SMEs cannot operate without the IT and IS elements working normally.
This is closely linked to the growth of e-commerce and e-business which continue to expose the
SMEs to cyber attacks
It is common knowledge that the SMEs are known to be more vulnerable to the cyber
attack simply because they have inadequate financial resources and the human resources to
develop and maintain a comprehensive information security system. Lack of proper policies and
procedures within the SMEs makes the business particularly more susceptible to insider jobs
who have some authenticated access to the business computer systems. The next section of this
paper provides literature review of some documented information security threats that have been
witnessed within the SMEs realm in the global scale then narrowly focusing on Malaysia. More
specifically, the literature review part of this paper has provided some important
Running head: MANAGEMENT OF INFORMATION TECHNOLOGY 4
recommendations and checklist designed to help SMEs focusing on strengthening their cyber
defenses. The main objective of this study is to gather the information that is related to
information security and management issues with respect to small and medium scale firms in the
service and manufacturing industry. The data which is collected in this paper shall help SMEs
properly plan their IT-based workplaces in a more proactive manner in the fight against
information security threats which in general improved information systems management.
recommendations and checklist designed to help SMEs focusing on strengthening their cyber
defenses. The main objective of this study is to gather the information that is related to
information security and management issues with respect to small and medium scale firms in the
service and manufacturing industry. The data which is collected in this paper shall help SMEs
properly plan their IT-based workplaces in a more proactive manner in the fight against
information security threats which in general improved information systems management.
Running head: MANAGEMENT OF INFORMATION TECHNOLOGY 5
Literature Review
(Dutta, 2013) reports on the fundamental importance and the general usage of IT in a
sample of 200 startups. In his study, the general theme is that the more a firm uses IT in its
operates, the more the firm generally improves in its performance. It is however shocking to
reveal a sharp contrast in the opinions of the firm's managers. In their opinion, they believe the
importance of IT in the general management of operations of their business has no correlation to
the improvement in the performance of their business. The empirical evidence from the report
confirms the narrative that in general, IT usage is generally increasing annually among the
SMEs. The research further went ahead and presented a typical profile of a small management
information system in the domain of management accounting systems. The report suggests that
with the proven record of the importance of IT incorporation in the management information
system, the SMEs should equally take the prevailing advantages of the new and emerging trends
in information technology and information systems so as to explore new opportunities which
comes with the advancements in technology
(Ngwenyama and Morawczynski, 2009) argued that most organizations have increasingly
become more dependent on the usage of information systems in the realization of strategic
objectives of the corporations. With this strategic tool comes eminent security threats that the
paper highlighted as an issue of paramount importance to be handled by the corporations due to
interconnection witnessed in the present information age. As more and more system become
connected, more and more serious threats to the information assets become very much easier to
exploit propagate the effects to other interconnected systems. The report suggests that the
management must invest in information security measures to mitigate the threats to the
information assets which if exploited can adversely affect the business by leading to competitive
Literature Review
(Dutta, 2013) reports on the fundamental importance and the general usage of IT in a
sample of 200 startups. In his study, the general theme is that the more a firm uses IT in its
operates, the more the firm generally improves in its performance. It is however shocking to
reveal a sharp contrast in the opinions of the firm's managers. In their opinion, they believe the
importance of IT in the general management of operations of their business has no correlation to
the improvement in the performance of their business. The empirical evidence from the report
confirms the narrative that in general, IT usage is generally increasing annually among the
SMEs. The research further went ahead and presented a typical profile of a small management
information system in the domain of management accounting systems. The report suggests that
with the proven record of the importance of IT incorporation in the management information
system, the SMEs should equally take the prevailing advantages of the new and emerging trends
in information technology and information systems so as to explore new opportunities which
comes with the advancements in technology
(Ngwenyama and Morawczynski, 2009) argued that most organizations have increasingly
become more dependent on the usage of information systems in the realization of strategic
objectives of the corporations. With this strategic tool comes eminent security threats that the
paper highlighted as an issue of paramount importance to be handled by the corporations due to
interconnection witnessed in the present information age. As more and more system become
connected, more and more serious threats to the information assets become very much easier to
exploit propagate the effects to other interconnected systems. The report suggests that the
management must invest in information security measures to mitigate the threats to the
information assets which if exploited can adversely affect the business by leading to competitive
Running head: MANAGEMENT OF INFORMATION TECHNOLOGY 6
disadvantages. In their empirical study, the research has found out that the SMEs generally have
deterrent efforts to managing the information security threats and oppose to the established
corporations. Furthermore, the study found out that those organizations with strong top
management support for information security engaged in more preventive measures as opposed
to those corporations with relatively weaker support from the top management. Moreover, the
financial organizations according to the study were found to take more deterrent measures and
generally have stringent deterrent severity as oppose to other corporations in other sectors of the
economy. Lastly, the study found out that there is a correlation between greater deterrent efforts
and the preventive mechanism and effective security. The study concluded that the greater the
deterrent and preventive effort put in place, the more enhanced the effective security of the
organization.
(Bolek et al., 2016) is their paper, examined the various issues that the SMEs faces in
Singapore that are related to information security. The research concludes the following to be the
paramount issues that the SMEs in that region faces;
Sophisticated computer systems usage
The general scale of using computer systems
Inadequate financial and human capital to develop and maintain information security
systems
Computer use is mainly for general tasks and mundane functions
The relative cost of computer hardware and software
When we adopt a business approach, the generic rationale for protecting the information systems
can be drawn from the various consequences that lack of adequated information security
measures. The general viewpoints for making this examination is classified into four namely;
disadvantages. In their empirical study, the research has found out that the SMEs generally have
deterrent efforts to managing the information security threats and oppose to the established
corporations. Furthermore, the study found out that those organizations with strong top
management support for information security engaged in more preventive measures as opposed
to those corporations with relatively weaker support from the top management. Moreover, the
financial organizations according to the study were found to take more deterrent measures and
generally have stringent deterrent severity as oppose to other corporations in other sectors of the
economy. Lastly, the study found out that there is a correlation between greater deterrent efforts
and the preventive mechanism and effective security. The study concluded that the greater the
deterrent and preventive effort put in place, the more enhanced the effective security of the
organization.
(Bolek et al., 2016) is their paper, examined the various issues that the SMEs faces in
Singapore that are related to information security. The research concludes the following to be the
paramount issues that the SMEs in that region faces;
Sophisticated computer systems usage
The general scale of using computer systems
Inadequate financial and human capital to develop and maintain information security
systems
Computer use is mainly for general tasks and mundane functions
The relative cost of computer hardware and software
When we adopt a business approach, the generic rationale for protecting the information systems
can be drawn from the various consequences that lack of adequated information security
measures. The general viewpoints for making this examination is classified into four namely;
Running head: MANAGEMENT OF INFORMATION TECHNOLOGY 7
financial loss, ethical and legal responsibility, interruption of business services and the
intertwinement of quality and security. In their research, they concluded the following factors to
be considered in developing a security management framework.
Develop information security policy statements
Assign the key personnel responsible and accountable for the security
Education of all staff on security issues
The process of creating a more comprehensive IT security strategy for SMEs is quite
perceived and often the SMEs run into several challenges in their effort to develop such
strategies hence more SMEs are tempered to go with short cuts. Yes, it is very important to know
where to cut shortcuts and where not to as that could be the only difference between a security
success and a serious disaster (Anderson, Baskerville and Kaul, 2017). Information security is
quite a pervasive issue for all organizations. With the increasing growth in the e-commerce and
the various disruptions caused by globalisations and the regulations have converged to make
information security a paramount concern. (Ayo, 2019) has indicated in his report that about 35
and 95 percent of the organizations have some time in their lifetime reported information
security breaches within the past year. New Malaysian laws require that thorough procedure are
put in place to safeguard the confidentiality, integrity, and availability of data both he non-the
finances the social l, then the medical the record of the individuals and general privacy and
safety of children on the Internet. A huge number of the cyber attacks are directed to the
communication systems, networks and the computer systems themselves. The growing use case
of I nternet from the traditional text based communication and we surfing, the Internet of today
has grown in its scope and use cases as more digital transaction gets processed via the internet
with remote access capabilities done via the internet.In addition to this, the various competitive
financial loss, ethical and legal responsibility, interruption of business services and the
intertwinement of quality and security. In their research, they concluded the following factors to
be considered in developing a security management framework.
Develop information security policy statements
Assign the key personnel responsible and accountable for the security
Education of all staff on security issues
The process of creating a more comprehensive IT security strategy for SMEs is quite
perceived and often the SMEs run into several challenges in their effort to develop such
strategies hence more SMEs are tempered to go with short cuts. Yes, it is very important to know
where to cut shortcuts and where not to as that could be the only difference between a security
success and a serious disaster (Anderson, Baskerville and Kaul, 2017). Information security is
quite a pervasive issue for all organizations. With the increasing growth in the e-commerce and
the various disruptions caused by globalisations and the regulations have converged to make
information security a paramount concern. (Ayo, 2019) has indicated in his report that about 35
and 95 percent of the organizations have some time in their lifetime reported information
security breaches within the past year. New Malaysian laws require that thorough procedure are
put in place to safeguard the confidentiality, integrity, and availability of data both he non-the
finances the social l, then the medical the record of the individuals and general privacy and
safety of children on the Internet. A huge number of the cyber attacks are directed to the
communication systems, networks and the computer systems themselves. The growing use case
of I nternet from the traditional text based communication and we surfing, the Internet of today
has grown in its scope and use cases as more digital transaction gets processed via the internet
with remote access capabilities done via the internet.In addition to this, the various competitive
Running head: MANAGEMENT OF INFORMATION TECHNOLOGY 8
advantages that drives a company’s competitive advantages are enhanced by better systems that
improves the efficiency of production hence general cost reductions hence more productivity.
The over-reliance of information systems has brought with its benefits and a curse and the
system have become the primary target of the attackers through data and information security
breaches. (Yuldinawati, van Deursen and van Dijk, 2018) has pointed out in their journal that the
SMEs uses the Internet resource for quite a variety of use cases. These Internet-based
technologies as reported substantially increases the vulnerabilities of the information systems
which in effect can potentially compromise the information that is housed in the system. The
security experts have predicted serious liabilities in terms if lawsuits for companies and
organizations that are affected by cybersecurity lapses. Since the technological tools used in
mitigating the cybersecurity threats in the business environment, the experts in security suggests
the development of policies that are fairly constant even as the software changes.
The Internet advances have made it very much easy for individuals to make copies of
software and distribute them. This has led to the increased rise in the number of court cases
which are based on the Internet and internet technology issues. The courts have difficulty in
interpreting issues related to intellectual property rights in the open nature of the technologies
that support e-commerce (Chen and Hsu, 2017). The increased in the computer usages has even
introduced a new offender,” The computer criminal’. Despite many efforts devoted to catching
the outsider criminals, the insider criminal is the most costly and least easy to catch. The issue of
computer security has generally become a global phenomenon with rising issues around
information security being discusses in global discourse. It is nowadays not uncommon to find a
business outsourcing for cloud-based services to support their internal business operations. This
cloud-based alliance has even created new emerging threats especially if there is improper
advantages that drives a company’s competitive advantages are enhanced by better systems that
improves the efficiency of production hence general cost reductions hence more productivity.
The over-reliance of information systems has brought with its benefits and a curse and the
system have become the primary target of the attackers through data and information security
breaches. (Yuldinawati, van Deursen and van Dijk, 2018) has pointed out in their journal that the
SMEs uses the Internet resource for quite a variety of use cases. These Internet-based
technologies as reported substantially increases the vulnerabilities of the information systems
which in effect can potentially compromise the information that is housed in the system. The
security experts have predicted serious liabilities in terms if lawsuits for companies and
organizations that are affected by cybersecurity lapses. Since the technological tools used in
mitigating the cybersecurity threats in the business environment, the experts in security suggests
the development of policies that are fairly constant even as the software changes.
The Internet advances have made it very much easy for individuals to make copies of
software and distribute them. This has led to the increased rise in the number of court cases
which are based on the Internet and internet technology issues. The courts have difficulty in
interpreting issues related to intellectual property rights in the open nature of the technologies
that support e-commerce (Chen and Hsu, 2017). The increased in the computer usages has even
introduced a new offender,” The computer criminal’. Despite many efforts devoted to catching
the outsider criminals, the insider criminal is the most costly and least easy to catch. The issue of
computer security has generally become a global phenomenon with rising issues around
information security being discusses in global discourse. It is nowadays not uncommon to find a
business outsourcing for cloud-based services to support their internal business operations. This
cloud-based alliance has even created new emerging threats especially if there is improper
End of preview
Want to access all the pages? Upload your documents or become a member.
Related Documents
Role of Cyber Security for Continuity of Business | Assignmentlg...
|7
|1390
|191
Cybersecurity Roles & Types | Reportlg...
|6
|1387
|568
Identifying and Combating Emerging Threats in Information Systemslg...
|9
|1758
|300
Network Security and Types of Security Threats and Attacks in Information Technologylg...
|8
|2577
|274
Project Dissertation Proposal: Next Generation Cybertraplg...
|12
|4471
|188
CYBER SECURITY Name: Student Id: Name of univeristy:.lg...
|8
|4621
|39