Information Security Standard: Addressing Security Challenges for SMEs
Running head: INFORMATION SECURITY STANDARD
Information Security Standard
Name of the Student
Name of the University
Author note
The need for an International Information Security Standard for Small and Medium Enterprises
Because of insufficient and inadequate management of security arrangements, and because of unexpected security incidents, small-scale industries have already suffered large losses of data and private information (Yeboah-Boateng and Essandoh, 2014). Proper security management technology is a must in any organisation, whether it is a large-scale or a small-scale industry. A resolution to this problem may be controlled and proper management of the security schemes. However, there is ample evidence that security practices are not strongly upheld within small and medium enterprise environments. A survey revealed that SMEs lack this basic need because of budget mismanagement, and because such matters are often handed to non-experts without proper qualifications. This results in loss of data and leakage of the organisation's private information. Without proper security arrangements an SME can even be brought to the verge of extinction.
Risk assessment can be defined as the calculation of the threats to, impacts on and vulnerabilities of data and information processing, together with the likelihood that these events occur. The risk management process may be defined as the identification, selection and execution of countermeasures designed to reduce the identified levels of risk to acceptable levels, thereby governing, minimising and potentially eradicating the acknowledged security risks at an acceptable cost (Melendez, Dávila and Pessoa, 2016). The three basic terms of information security management are confidentiality, meaning that data must be accessible only to authorised parties; integrity, meaning that the completeness and accuracy of the data must be preserved; and availability, meaning that authorised users can access the data when required.
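The risk assessment and risk management definitions above can be carried through on a small register. The following is an added worked example, not code from the report: each threat to an asset is scored as likelihood multiplied by impact on a 1 to 5 scale, tagged with the confidentiality, integrity or availability property it threatens, and the cheapest set of countermeasures that brings the residual risk to an assumed acceptable level within a budget is selected. The assets, threats, scores, costs and the acceptable-risk threshold are all constructed sample values.

```python
"""Worked risk assessment and risk treatment for a small company.

Added illustration, not code from the report: each threat to an asset is
scored as likelihood x impact (1-5 each), and countermeasures are chosen to
bring the residual risk to an assumed acceptable level at the lowest cost
within a budget. Every threat, score, cost and threshold below is a
constructed sample value.
"""
from dataclasses import dataclass, field
from itertools import combinations

ACCEPTABLE_RISK = 6  # assumed threshold: likelihood * impact at or below this is accepted


@dataclass
class Countermeasure:
    name: str
    cost: int                  # assumed yearly cost, arbitrary currency units
    likelihood_reduction: int  # points taken off likelihood
    impact_reduction: int = 0  # points taken off impact


@dataclass
class Risk:
    asset: str
    threat: str
    property_affected: str     # confidentiality, integrity or availability
    likelihood: int            # 1 (rare) .. 5 (almost certain)
    impact: int                # 1 (negligible) .. 5 (business-ending)
    options: list = field(default_factory=list)

    def score(self):
        return self.likelihood * self.impact


def residual(risk, cms):
    """Risk score after applying a set of countermeasures (each axis floors at 1)."""
    lik = max(1, risk.likelihood - sum(c.likelihood_reduction for c in cms))
    imp = max(1, risk.impact - sum(c.impact_reduction for c in cms))
    return lik * imp


def treat(risk, budget):
    """Choose countermeasures for one risk.

    Returns (tuple of countermeasure names, residual score). Preference order:
    the cheapest combination within budget that reaches ACCEPTABLE_RISK; if
    none does, the affordable combination with the lowest residual, which then
    stays above the threshold and should be escalated for more budget.
    """
    if risk.score() <= ACCEPTABLE_RISK:
        return (), risk.score()          # already acceptable, nothing to buy
    candidates = []
    for n in range(1, len(risk.options) + 1):
        for combo in combinations(risk.options, n):
            cost = sum(c.cost for c in combo)
            if cost <= budget:
                candidates.append((combo, cost, residual(risk, combo)))
    if not candidates:
        return (), risk.score()          # nothing affordable, risk stays as is
    adequate = [c for c in candidates if c[2] <= ACCEPTABLE_RISK]
    if adequate:
        combo, _, res = min(adequate, key=lambda c: c[1])
    else:
        combo, _, res = min(candidates, key=lambda c: (c[2], c[1]))
    return tuple(c.name for c in combo), res


# Constructed sample register
REGISTER = [
    Risk("customer database", "ransomware via phishing mail", "availability", 4, 5, [
        Countermeasure("offline backups tested monthly", cost=800,
                       likelihood_reduction=0, impact_reduction=3),
        Countermeasure("staff phishing training", cost=300, likelihood_reduction=2),
    ]),
    Risk("customer database", "SQL injection on web front end", "confidentiality", 3, 4, [
        Countermeasure("parameterised queries and code review", cost=1200,
                       likelihood_reduction=2),
    ]),
    Risk("office Wi-Fi", "unmanaged personal devices on LAN", "integrity", 3, 2, []),
]


def plan(register, budget_per_risk):
    """Treatment decision for every risk in the register."""
    return {(r.asset, r.threat): treat(r, budget_per_risk) for r in register}


if __name__ == "__main__":
    for key, (measures, res) in plan(REGISTER, 1500).items():
        print(key, "->", measures or "accept", "residual", res)
```

With a budget of 1500 per risk the ransomware entry is treated with both backups and training (residual 4), the SQL injection entry with parameterised queries (residual 4), and the Wi-Fi entry is accepted as is. Cutting the budget to 1000 shows the "acceptable cost" clause at work: only the backups are affordable, the residual stays at 8, and the SQL injection risk cannot be treated at all, which is exactly the kind of gap a budget-starved SME needs to see written down rather than hidden.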
Data security is a far more multifaceted question than information technology security. Today it is not sufficient to think in terms of firewalls, antivirus packages, reliable hardware and clear-cut credential systems. Careful construction of the technical background alone is no longer sufficient (A. Harris and Patten 2014). The integrity, availability and confidentiality of data are mainly exposed by careless management or deliberate damage at the hands of core workers, through the organisation's data control systems or the internet, and by business partners with access via the internet, extranet or automated information exchange to corporate databases: contractors, vendors, collaboration partners and financial service workers (Lo and Chen 2012). Numerous other properties, such as accuracy, accountability, non-repudiation and reliability, may also be connected to data security.
There are many information security requirements, as set out in the international security guidance of the US and the UK, that any organisation needs to follow. First, the need for risk assessment: risks must be understood and recognised, and the IT security measures taken must be proportionate to these risks (Dillon and Vossen, 2015). Organisations need to create, communicate, implement, approve, monitor and enforce security policies across the organisation. Organisations need to make every employee aware of the importance of IT security and to train employees in good IT security practices (Shameli-Sendi, Aghababaei-Barzegar and Cheriet, 2016). The organisation also needs to monitor, audit and run regular security checks in order to eradicate any incoming threat.
Some of the security metrics that a small-scale industry needs to track are the number of previously reported incidents and the number of virus or other malicious code outbreaks (Kimwele, 2014). Access to unethical websites should also be tracked, and the frequency of IT system failures checked regularly.
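The four metrics named above only become useful once they are counted consistently from whatever records an SME already keeps. The following added example, which is not code from the report, parses a constructed incident log (the lines, host names and user names are made up) and produces the monthly counts of reported incidents, malware outbreaks, blocked website accesses and IT system failures, plus a list of users who repeatedly hit the web filter, which is a natural trigger for the staff training the report calls for. The log format and category names are assumptions.

```python
"""Security metrics for a small company, computed from a constructed incident
log (added illustration; the log lines below are made up, not from any real
system). Each line is: ISO date, category, free text. The categories mirror
the metrics the report names: reported incidents, malware outbreaks, blocked
access to disallowed websites, and IT system failures.
"""
from collections import Counter, defaultdict
from datetime import date

SAMPLE_LOG = """\
2020-01-03 INCIDENT   user reported phishing mail asking for payroll login
2020-01-07 MALWARE    endpoint AV quarantined trojan on FINANCE-PC2
2020-01-07 WEBFILTER  blocked category=gambling host=example.invalid user=jsmith
2020-01-12 FAILURE    file server FS1 unreachable for 40 minutes (disk full)
2020-02-02 MALWARE    endpoint AV quarantined adware on SALES-LAPTOP3
2020-02-14 INCIDENT   lost USB stick containing customer list
2020-02-20 WEBFILTER  blocked category=malware host=example.invalid user=jsmith
2020-02-28 FAILURE    mail server restarted after crash
2020-03-05 this line is malformed and must be skipped
"""

CATEGORIES = {"INCIDENT", "MALWARE", "WEBFILTER", "FAILURE"}


def parse_log(text):
    """Yield (date, category, message) for well-formed lines; skip the rest."""
    for line in text.splitlines():
        parts = line.split(maxsplit=2)
        if len(parts) < 3 or parts[1] not in CATEGORIES:
            continue
        try:
            when = date.fromisoformat(parts[0])
        except ValueError:
            continue
        yield when, parts[1], parts[2]


def monthly_metrics(text):
    """Count each metric per month: {'2020-01': {'INCIDENT': 1, ...}, ...}."""
    per_month = defaultdict(Counter)
    for when, category, _ in parse_log(text):
        per_month[when.strftime("%Y-%m")][category] += 1
    return {month: dict(counts) for month, counts in sorted(per_month.items())}


def repeat_webfilter_users(text, threshold=2):
    """Users who hit the web filter at least `threshold` times (a training trigger)."""
    hits = Counter()
    for _, category, message in parse_log(text):
        if category == "WEBFILTER":
            for token in message.split():
                if token.startswith("user="):
                    hits[token[len("user="):]] += 1
    return sorted(user for user, n in hits.items() if n >= threshold)


if __name__ == "__main__":
    for month, counts in monthly_metrics(SAMPLE_LOG).items():
        print(month, counts)
    print("repeat web-filter hits:", repeat_webfilter_users(SAMPLE_LOG))
```

Malformed lines are skipped rather than aborting the run, so a single bad entry in a hand-maintained log does not wipe out the month's figures. The monthly breakdown is what lets an SME notice a trend (malware outbreaks rising, failures clustering on one server) rather than a single total.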
The government of any country plays a key role in maintaining the security of organisations, especially small-scale ones. Providing good infrastructure and technical help boosts not only the security but also the working capability of any organisation.
The major threats to any SME are, first, internal attacks; these attacks are carried out by someone who works in the organisation itself. Rogue employees with access to the networks carry out such attacks. In order to regulate this, an organisation needs tough rules and regulations for the person who does so (Nguyen, Newby and Macaulay, 2015). This is one of the risks that cannot be reduced, as no one can predict what goes on in someone's mind. Privileged accounts, that is, accounts with the capability to significantly affect or access core systems, need particular attention. Next, remove those accounts that are no longer in use or belong to staff no longer employed by the company. Phishing and spear phishing is another factor mainly responsible for data loss in SMEs. Lack of proper security knowledge is another major factor responsible for data loss; it is one of the key factors behind breaches in small-scale industries. Because of low budgets, organisations also do not train their staff properly. The DDoS attack, that is, distributed denial of service, is another attack (Devos, Van Landeghem and Deschoolmeester, 2016). Without knowledge of it, it becomes nearly impossible for anyone to stop this attack. In most SMEs it is seen that most employees do not even know the term DDoS attack, and this leads to weaknesses in the systems. Malware is another vulnerability that harms the systems of any organisation. Malware is a comprehensive term that covers any software that gets installed on a system to do undesirable tasks for the advantage of a third party. Ransomware is a type of malware; other types include adware, spyware, Trojans and bots. SQL injection: just about every organisation depends on its websites to do work and operate
day-to-day business operations. SQL injection opens up vulnerabilities in web pages and downloads, or lets third parties read the contents of web sites without the knowledge of the users (Peltier, 2016). This is one of the key reasons for data loss in many organisations. Lastly, many companies allow employees to bring their own devices into the organisation to do work and connect to the network. This is one of the major sources that lets a user exploit the vulnerabilities of the network and do wrong things.
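Of the threats listed above, SQL injection is the one a small company's own developers can remove outright. The following added example, not code from the report, shows the defect and its fix side by side against an in-memory SQLite table: a lookup that pastes user input into the query text, and the same lookup with the value passed as a bound parameter. The table, rows and the hostile input string are constructed for the demonstration.

```python
"""SQL injection: the vulnerable string-built query beside its parameterised
form, run against an in-memory SQLite table with constructed sample rows
(added illustration, not code from the report).
"""
import sqlite3


def setup_db():
    """Constructed customer table; every row is made-up sample data."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT, email TEXT, tier TEXT)"
    )
    conn.executemany(
        "INSERT INTO customers (name, email, tier) VALUES (?, ?, ?)",
        [
            ("Alice Example", "alice@example.invalid", "gold"),
            ("Bob Example", "bob@example.invalid", "silver"),
            ("Carol Example", "carol@example.invalid", "gold"),
        ],
    )
    return conn


def find_by_name_vulnerable(conn, name):
    """VULNERABLE: user input is pasted into the SQL text, so quotes and
    operators inside `name` become part of the query the database runs."""
    sql = f"SELECT name, email FROM customers WHERE name = '{name}'"
    return conn.execute(sql).fetchall()


def find_by_name_safe(conn, name):
    """SAFE: the value travels as a bound parameter; the database never
    interprets it as SQL, whatever characters it contains."""
    sql = "SELECT name, email FROM customers WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


def demo():
    """Run both lookups with an ordinary name and with a constructed hostile
    string that closes the quoted literal and appends an always-true clause."""
    conn = setup_db()
    normal = "Bob Example"
    hostile = "x' OR '1'='1"
    return {
        "vulnerable_normal": find_by_name_vulnerable(conn, normal),
        "vulnerable_hostile": find_by_name_vulnerable(conn, hostile),
        "safe_normal": find_by_name_safe(conn, normal),
        "safe_hostile": find_by_name_safe(conn, hostile),
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label}: {len(rows)} row(s)")
```

The vulnerable function returns every customer's name and email for the hostile input, which is the "third parties read the contents of web sites" outcome described above; the parameterised function returns nothing, because no customer is literally named `x' OR '1'='1`. A cheap detection complement for an SME is to log and alert on queries that return far more rows than a single-record lookup should.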
As we can see, the small-scale industry faces many problems in maintaining security in its organisations. Improper infrastructure is one of the key reasons for such issues. Simple things can be done to make the structure more secure. First, installing and running proper antivirus software and keeping it updated is one of the key tasks. Patching the systems with regular security updates from the OS providers also helps in making the systems more secure (Cavelty and Mauer, 2016). Using unique and complex passwords helps a lot in maintaining servers. Using simple and easily guessable passwords is one of the main reasons for data leaks, and using complex alphanumeric passwords can reduce such leaks easily. Keeping a backup of the data at regular intervals also helps a lot: if the data is properly backed up, the backup can be used in any case of data loss. This can be done using cloud services, which also help in easy maintenance of the data (Ross, McEvilley, and Oren, 2018). Other things that senior officials can do to make an organisation more secure are, first, ensuring that employees and vendors can access only the data required for their job (Ab Rahman and Choo, 2015). This ensures that the information is secured in every hand; steps must be taken if the information of one employee is used by some other user. In any case, if an employee leaves the organisation, the knowledge of the information which
was accessible to that person must be altered immediately. In a small-scale industry, ideas are the key to success, and ideas must be kept secret in safe hands.
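The two access-control measures just described, granting each employee or vendor only the data their job needs and changing what a leaver knew, can be kept in one small register. The following added example is not code from the report: it maps assumed roles to the data sets they require, records every denied access for review (the "steps must be taken if information of one employee is used by some other user" point), and on off-boarding revokes the person's access and returns the shared credentials they could have known, which are the ones that must be changed immediately. Roles, data sets, credential names and people are constructed sample values.

```python
"""Need-to-know access control and off-boarding for a small company (added
illustration, not code from the report). Each role is granted only the data
sets its job requires; an access check records denials for review, and
removing a leaver revokes access and lists the shared credentials that person
knew, which must be changed. Roles, data sets and people are constructed.
"""
from dataclasses import dataclass, field

# Assumed role -> data sets that role's job requires (nothing more)
ROLE_ACCESS = {
    "sales": {"customer_list", "price_book"},
    "finance": {"payroll", "invoices", "customer_list"},
    "vendor_it": {"server_config"},   # external contractor: only what the contract needs
}

# Assumed data set -> shared credential that unlocks it (a service login, say)
SHARED_CREDENTIALS = {
    "payroll": "payroll-portal-login",
    "server_config": "firewall-admin-password",
}


@dataclass
class AccessRegister:
    people: dict = field(default_factory=dict)   # person -> role
    denied: list = field(default_factory=list)   # (person, data set) denials for review

    def add(self, person, role):
        """Enrol a person under one role; unknown roles are rejected, never guessed."""
        if role not in ROLE_ACCESS:
            raise ValueError(f"unknown role {role!r}")
        self.people[person] = role

    def can_access(self, person, dataset):
        """True only if the person's role needs this data set; denials are logged."""
        role = self.people.get(person)
        allowed = role is not None and dataset in ROLE_ACCESS[role]
        if not allowed:
            self.denied.append((person, dataset))
        return allowed

    def offboard(self, person):
        """Remove the person and return the shared credentials they could have
        known, which must be changed immediately. Unknown people yield []."""
        role = self.people.pop(person, None)
        if role is None:
            return []
        return sorted(
            SHARED_CREDENTIALS[d] for d in ROLE_ACCESS[role] if d in SHARED_CREDENTIALS
        )


if __name__ == "__main__":
    reg = AccessRegister()
    reg.add("dana", "finance")
    reg.add("eli", "sales")
    print("eli -> payroll:", reg.can_access("eli", "payroll"))
    print("rotate after dana leaves:", reg.offboard("dana"))
    print("denials to review:", reg.denied)
```

The off-boarding step is the part most often skipped in practice: removing the account is not enough when the leaver also knew a shared password, so the function returns the list of secrets to rotate rather than silently assuming the account removal was sufficient.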
Thus, to conclude the topic, it can be said that maintaining proper IT security is one of the key factors for any small-scale industry. Proper analysis of the risks and resolving them is part of the process. Some of the major issues that I have discussed in this paper are the major causes of data loss for any organisation. I have also provided some of the steps that can be taken to reduce such problems. In order to gain maximum success, a small-scale industry, besides focusing on its products, must also think about security. Proper IT technicians must be employed and further trained for the betterment of the organisation. Cloud systems can help a lot in maintaining security as well as the structure of data maintenance. Securing the networks from the outside world also helps a lot in maintaining proper security.
References
A. Harris, M. and P. Patten, K., 2014. Mobile device security considerations for small- and medium-sized enterprise business mobility. Information Management & Computer Security, 22(1), pp.97-114.
Ab Rahman, N.H. and Choo, K.K.R., 2015. A survey of information security incident handling in the cloud. Computers & Security, 49, pp.45-69.
Cavelty, M.D. and Mauer, V., 2016. Power and security in the information age: Investigating the role of the state in cyberspace. Routledge.
Devos, J., Van Landeghem, H. and Deschoolmeester, D., 2016. Information Systems for Small and Medium-sized Enterprises. Springer-Verlag Berlin AN.
Dillon, S. and Vossen, G., 2015. SaaS cloud computing in small and medium enterprises: A comparison between Germany and New Zealand. International Journal of Information Technology, Communications and Convergence, 3(2), pp.87-104.
Kimwele, M.W., 2014. Information technology (IT) security in small and medium enterprises (SMEs). In Information Systems for Small and Medium-sized Enterprises (pp. 47-64). Springer, Berlin, Heidelberg.
Lo, C.C. and Chen, W.J., 2012. A hybrid information security risk assessment procedure considering interdependences between controls. Expert Systems with Applications, 39(1), pp.247-257.
Melendez, K., Dávila, A. and Pessoa, M., 2016. Information technology service management models applied to medium and small organizations: A systematic literature review. Computer Standards & Interfaces, 47, pp.120-127.
Nguyen, T.H., Newby, M. and Macaulay, M.J., 2015. Information technology adoption in small business: Confirmation of a proposed framework. Journal of Small Business Management, 53(1), pp.207-227.
Peltier, T.R., 2016. Information Security Policies, Procedures, and Standards: Guidelines for effective information security management. CRC Press.
Ross, R.S., McEvilley, M. and Oren, J.C., 2018. Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems [including updates as of 1-03-2018] (No. Special Publication (NIST SP)-800-160).
Shameli-Sendi, A., Aghababaei-Barzegar, R. and Cheriet, M., 2016. Taxonomy of information security risk assessment (ISRA). Computers & Security, 57, pp.14-30.
Yeboah-Boateng, E.O. and Essandoh, K.A., 2014. Factors influencing the adoption of cloud computing by small and medium enterprises in developing economies. International Journal of Emerging Science and Engineering, 2(4), pp.13-20.