Wednesday, June 5, 2019
The Need For Information Security Management Information Technology Essay
Small to Medium Size Enterprises contribute greatly to the economy in many countries despite the many challenges that they face. Smaller budgets, limited resource planning and limited time are just some of the limitations that they might face. Compared with a larger enterprise or government body, SMEs seem to take different approaches to information security, sometimes understating its importance due to the constraints mentioned. This paper aims to study the issues relating to the introduction and implementation of information security regimes in SMEs compared to larger organisations.

Introduction

Small and medium enterprises are defined by the number of personnel working for the company, around the upper limit of 250 to the lower of 50. They usually lack the resources, competencies and vigilance to implement strategies externally and internally for their operations. This paper will focus on the implementation of information security regimes in SMEs and provide a comparison to large enterprises. The paper explores the multiple categories of information security, sets out to list the disadvantages faced by SMEs, and shows how large enterprises are sometimes unable to match an SME in its capability to respond to security threats.

Justifying the Need for Information Security in Any Organisation

The internet age brought new challenges to the business world; both SMEs and large organisations continuously invest substantial resources to secure their presence on the internet. With increasingly virtualized business networks and an expanding corporate ecosystem, more information has been created or converted into digital format. Digitalized information can be saved on different storage devices and transmitted over a plethora of interconnected networks, both internally and externally (Radding, 2012).
Understandably, crime and security threats to information are becoming more commonplace as the reliance on the Internet in business activities increases. Threats such as hackers, business competitors or even foreign governments can employ a host of different methods to obtain information from any organisation (Symantec). Yet no effective business would totally isolate itself from using digitalized information to prevent such incidents; the competitiveness or success of these organisations is linked to the right information delivered on time. At its worst, erroneous information may result in serious loss of potential earnings and damage to the organisation's brand (Juhani Anttila, 2005).

A significant factor in information security is the cost and personnel expertise required for the design, development and implementation of an effective security system. Major investment is needed to build and maintain a reliable, trustworthy and responsive security system (Anderson, 2001). Some SMEs tend to have to operate under tight budgets, extremely limited manpower and many different needs competing for a limited supply of resources, thus placing information security down the priorities list (Tawileh, Hilton, Stephen, 2007). Additionally, owing to the lack of awareness of the negative consequences of information security issues and threats, and the perception of less strict regulatory compliance requirements, information and communications infrastructure within these SMEs remains highly unsecured. Despite that, most organisations do at least have some form of basic security in the form of anti-virus software.
Other types of security software, like firewalls or authentication software/hardware, are considerably less popular, perhaps due to the additional complexity of having to install and configure them for the organisation's use (ABS, 2003).

Linking Business Objectives with Security

Incident Response Management and Disaster Recovery

Incident response management is the process of managing and responding to security incidents. As organisations may encounter plenty of incidents throughout the day, it is important that incident responses are carefully managed to reduce wastage of manpower and resources. The most appropriate level of response should be assigned to any security incident to maximize efficiency; there is no merit in involving senior management in a response to an incident that has minimal impact on the business (BH Consulting, 2006).

Disaster recovery is the process used to recover access to an organisation's software, data and hardware that are required to resume the performance of normal, critical business functions. Typically this will happen after either a natural disaster or a manmade disaster (Disaster Recovery).

Incident response management used to be separated into different entities: natural disasters, security breaches and privacy breaches were handled by risk management, the information security department and the legal department. This increased the cost of incident management and reduced utilization of existing resources and capabilities. By merging the 3 into one overarching incident management methodology, specified with an incident response team and a charter, reduced cost and efficient usage of resources can be achieved (Miora, 2010).

In larger organizations, the incident response team may contain both employees and third party observers from vendors. External vendors may provide the expertise to manage an incident that could be overwhelming to the current employees. This, however, may not be feasible for SMEs due to financial constraints.
Most likely, the incident response management team would be formed using a few employees, with a senior manager or director leading the team. The response team would be the ones who plan the scenarios for each type of incident and the type of response required, ensuring that clear processes and procedures are in place so that responses to incidents are coherent. Communications between members are typically standardized, be it for large organisations or SMEs; methods of contact such as email and non-email channels like phone calls or messages are used to inform team members (BH Consulting, 2006).

Disaster recovery is extremely important as well, more so for SMEs. A survey from the US Department of Labor provided an estimate that around 40% of businesses never reopen after a disaster, and of the remainder around 25% will close down within 2 years (Zahorsky). Unfortunately, not many SMEs have a disaster recovery plan in place to protect themselves. This is due to the idea that disaster recovery is costly and requires a lot of resources and expertise to put in place. This is true to a certain extent, as large organisations normally spend substantial amounts to put in place backup servers and remote hot recovery sites. However, with increasing cloud-based technologies and the availability of server virtualization, disaster recovery can become affordable even for SMEs. Up-and-coming cloud solutions and rental space in a secure data center via colocation are some of the solutions that SMEs can consider. Even with little or no IT staff, SMEs can pay the colocation supplier to assist in managing the setup and maintenance services (Blackwell, 2010).