BCO6653: IT Security Management in SMEs - Research Report

This research paper investigates the IT security management issues faced by small and medium-sized enterprises (SMEs) in both the service and manufacturing sectors, focusing on Kuala Lumpur-based SMEs. The study, conducted via questionnaires, reveals that while SMEs have established information security procedures, practices, and policies, there are significant concerns about their effectiveness. The research highlights the increasing threat landscape due to the PC revolution, internet penetration, and e-commerce, which expose SMEs to cyberattacks. It reviews existing literature, including Dutta (2013), Ngwenyama and Morawczynski (2009), Bolek et al. (2016), Anderson, Baskerville and Kaul (2017), Ayo (2019), Yuldinawati, van Deursen and van Dijk (2018), Chen and Hsu (2017), McLaughlin and Gogan (2018), and Ionescu Răzvan Cristian, Ceaușu Ioana, and, emphasizing the importance of IT integration, security measures, and policy development to mitigate risks. The paper underscores the vulnerability of SMEs due to limited resources and the significance of proper policies and procedures in countering insider threats and cyberattacks. The findings provide crucial data for SMEs to enhance their IT planning, training, and overall IT exploitation, aiming to improve information systems management and strengthen cyber defenses.