Exploring the Need for International Information Security Standard
Added on 2023/06/13
Essay
AI Summary
This essay critically examines the need for an international information security standard for Small Medium Enterprises (SMEs). It highlights the importance of such standards in securing informational assets, managing security and privacy risks, and fostering growth and competitiveness. The essay discusses drivers for adopting these standards, including commitment to security, mitigation of risks, and competitive advantage, while also addressing barriers such as difficulties in identifying suitable standards, limited resources, and lack of internal knowledge. It recommends increasing knowledge and engagement, fostering standard adoption through regulatory compliance, facilitating implementation, and fostering cooperation among stakeholders. The essay also points to the ISO/IEC 27000 series as a valuable resource for SMEs seeking to establish a robust information security management system.

Running head: INFORMATION SECURITY STANDARD IN SME
Essay Topic: The need for an International Information Security Standard for Small Medium
Enterprises
Name of the Student:
Name of the University:

The need for an International Information Security Standard for Small Medium
Enterprises
Information security standards help SMEs keep their informational assets secure.
They help the organization manage the security and privacy of assets such as financial information,
employee details, intellectual property and other confidential data. In small and medium
enterprises (SMEs), the adoption of information security standards is a beneficial factor that
fosters growth, competitiveness and innovation (Janulevicius et al. 2017). Information
security standards mitigate the information security risks that become a threat to privacy.
Users are more concerned about handing their data to the business, as well as about the trust of
customers. Skolmen and Gerber (2015) discussed that an information security framework is a
series of documented processes used to define policies and procedures around the
implementation of information security controls. Such a framework is a blueprint for building
an information security program to manage risks and reduce vulnerabilities.
Panjwani, Jantti and Sormunen (2016) argued that security frameworks are used to solve
information security issues in a way that meets the customized requirements of the SME.
Drivers to pursue information security and privacy standards
Luhach, Dwivedi and Jha (2014) stated that the adoption of information security standards
indicates that the organization is committed to implementing security mechanisms to protect
its data. Implementing, maintaining and enforcing internal policies through the
use of standards is an effective means of showing commitment to organizational regulations. Saa
et al. (2017) discussed the drivers for pursuing information security and privacy standards.
SMEs suffer severe impacts on their information systems and networks that can lead to
negative business effects. Scharnick, Gerber and Futcher (2016) argued that the adoption of
information security standards is an effective means of mitigating these risks. Among internet users,
risks arise in online transactions, such as mistrust regarding personal data and the
security of online payments. Users are concerned when handing data to the
business. Customer trust is a relevant decision factor which provides an advantage to the SME.
In the case of SMEs, there is a need to demonstrate compliance with information security and
privacy requirements. Failure to comply with business requirements has a negative
impact and long-term consequences for the SME's business. Da Xu, He and Li (2014)
discussed that information security standards offer a significant competitive advantage to the
SME by improving the products and services the organization offers. When an SME
adopts information security standards, its customers contribute to its competitive
advantage when it deals with corporate clients from the private sector.
Barriers to SME adoption of information security standards
Terzi, Terzi and Sagiroglu (2015) illustrated the barriers to SME adoption of
information security standards that are developed and published by international
standards development organizations. SMEs look to the EU level to identify which
standards are suitable for the organization to secure its information and data. Most SMEs are
aware of the ISO/IEC 27000 series. SMEs face difficulties in identifying the standards
that meet their business needs. Heikkila et al. (2016) noted that SMEs that store, process and
transmit cardholder and personal data are not aware of their specific obligations.
Information security and privacy risks have become relevant issues within the
organization that require attention from management. In the current economic
environment, SMEs are required to focus their efforts on staying competitive in their core operations
and expanding in a dynamic business atmosphere. Luhach, Dwivedi and Jha (2014) stated that
achieving growth and innovation through the use of new technologies, in addition to corporate
governance, are the top priorities of European SMEs. SMEs are required to achieve growth with
limited resources, which must be allocated within strict time and budget
constraints.
SMEs rely on ICT systems to support their business processes, and business size
is what justifies employing dedicated individuals for ICT functions. SMEs decide whether to
internalize ICT services or to outsource them. When ICT services are outsourced, the SME
lacks internal knowledge of information security and of the security features that providers
offer to customers. Al-Ghofaili and Al-Mashari (2014) argued that limited access to
information security capabilities constitutes a vulnerability for SMEs. Da Xu, He and Li (2014) stated
that adopting information security standards requires allocating information security
roles to particular employees. These security roles are needed to manage the standards, and this is
beyond the human resources of an SME. Implementation of information standards is time consuming
when only limited staff are available to assist with deploying and maintaining compliance.
SMEs are aware of the potential impacts of disrupted business services due to
technical incidents and of how risk management protects against the threats and vulnerabilities
applicable to information assets (Skolmen and Gerber 2015). Adoption of an information
security standard is a key tool for developing a structured approach to risk mitigation;
in a risk environment, the organization is required to adopt the best standards. Terzi, Terzi and Sagiroglu
(2015) concluded that a risk management framework and implementation guidelines for
small organizations can enable and support them. The ongoing issue for the
organizations is that there is not enough guidance on the specific controls they should implement to
be compliant with personal data protection laws. Da Xu, He and Li (2014) concluded that
the barriers to information security standards are related to implementation aspects. These are
difficult for non-technological SMEs to comprehend. There is also a concern that the
language used is too complex for SMEs at the early stages of the adoption process
(Panjwani, Jantti and Sormunen 2016). SMEs are also unaware of the flexibility that information
security standards provide in the implementation and monitoring of controls.
Recommendations to increase the level of adoption of information security standards
This study also proposes recommendations to facilitate the adoption of
information security standards by small businesses. The recommendations are provided across
five domains, such as increasing knowledge and engagement, providing mechanisms to
foster standard adoption by SMEs through regulatory compliance, facilitating
standards implementation, and fostering cooperation with stakeholders to improve
information security standardization for SMEs. SMEs are recommended to use the ISO/IEC
27000 standards, a popular set of standards that provides requirements for an SME information security
management system. It is a systematic approach to managing a company's sensitive information
so that it remains secure. The ISO 27000 information security standard was developed
by the International Organization for Standardization. It provides a framework that can be applied to
organizations of various types and sizes. By adopting the ISO/IEC 27000 standard, SMEs
solve their security-related problems and prevent security-related issues from arising. The
framework includes physical as well as technical controls, which are involved in
the organization's risk management processes.

References
Al-Ghofaili, A.A. and Al-Mashari, M.A., 2014, August. ERP system adoption traditional ERP
systems vs. cloud-based ERP systems. In Innovative Computing Technology (INTECH), 2014
Fourth International Conference on (pp. 135-139). IEEE.
Da Xu, L., He, W. and Li, S., 2014. Internet of things in industries: A survey. IEEE Transactions
on industrial informatics, 10(4), pp.2233-2243.
Heikkilä, M., Rättyä, A., Pieskä, S. and Jämsä, J., 2016, June. Security challenges in small-and
medium-sized manufacturing enterprises. In Small-scale Intelligent Manufacturing Systems
(SIMS), International Symposium on (pp. 25-30). IEEE.
Janulevičius, J., Marozas, L., Čenys, A., Goranin, N. and Ramanauskaitė, S., 2017, April.
Enterprise architecture modeling based on cloud computing security ontology as a reference
model. In Electrical, Electronic and Information Sciences (eStream), 2017 Open Conference
of (pp. 1-6). IEEE.
Luhach, A.K., Dwivedi, S.K. and Jha, C.K., 2014, December. Applying SOA to an E-commerce
system and designing a logical security framework for small and medium sized E-commerce
based on SOA. In Computational Intelligence and Computing Research (ICCIC), 2014 IEEE
International Conference on (pp. 1-6). IEEE.
Panjwani, M., Jäntti, M. and Sormunen, J., 2016, September. IT Service Management from a
Perspective of Small and Medium Sized Companies. In Quality of Information and
Communications Technology (QUATIC), 2016 10th International Conference on the (pp. 210-
215). IEEE.
Saa, P., Moscoso-Zea, O., Costales, A.C. and Luján-Mora, S., 2017, June. Data security issues in
cloud-based Software-as-a-Service ERP. In Information Systems and Technologies (CISTI), 2017
12th Iberian Conference on (pp. 1-7). IEEE.
Scharnick, N., Gerber, M. and Futcher, L., 2016, August. Review of data storage protection
approaches for POPI compliance. In Information Security for South Africa (ISSA), 2016 (pp. 48-
55). IEEE.
Skolmen, D.E. and Gerber, M., 2015. Protection of personal information in the South African
Cloud Computing environment: A framework for Cloud Computing adoption (pp. 1-10). IEEE.
Terzi, D.S., Terzi, R. and Sagiroglu, S., 2015, December. A survey on security and privacy
issues in big data. In Internet Technology and Secured Transactions (ICITST), 2015 10th
International Conference for (pp. 202-207). IEEE.