Thursday, December 5, 2019
Need For an IISS Small Medium Enterprises-Free-Samples for Students
Question: Discuss the need for an International Information Security Standard for Small Medium Enterprises.

Answer:

In recent times, small and medium enterprises (SMEs) can be of utmost importance for presenting innovative business models, which in turn can lead to the economic growth and upliftment of the country. Thus, if we can lend a helping hand to SMEs to tackle the obstacles that hamper their business growth, a number of innovations can be foreseen in the near future. In the present era, SMEs are becoming more dependent on information systems to provide services to their customers as well as to meet their business goals. An ample number of SMEs have already marked their presence on the internet. Electronic communication and digital services are an important aspect of the increased number of such SMEs. Increased utilization of information technology involves greater security risks to SMEs. Thus, an extensive security process is necessary for addressing such security issues, which can lead to tremendous loss not only to small and medium-sized enterprises but also to large organizations. There is therefore an utmost need for International Security Standards so that potentially important data can be properly maintained.

To provide SMEs with stringent security approaches, a number of privacy and information security standards have been brought to light. ISO/IEC 27001 and ISO/IEC 27002 are some of these standards (Romanosky 2016). ISO/IEC 27001 assists SMEs in implementing an information security management system (ISMS). ISO/IEC 27001 is considered to be one of the most implemented standards since its year of establishment. ISO 27001 has greatly enabled small-scale industries to cope with present global market trends. Risk assessment is one of the key factors of ISO 27001 implementation.
Thus, we can say that this step is also crucial for beginning the information system security project. ISO 27001 first aims to assess the probable risk factors and then provides ways of mitigating those risks. The security management system established with the help of ISO 27001 will be improved, monitored and checked on a regular basis (Martínez-Pérez et al., 2015). The ISO 27002 framework is useful for maintaining the controls, but for assessing risk ISO 27001 can be regarded as the best option. Many SMEs still struggle to adopt such frameworks due to a lack of basic guidance. ISO 27002 specifies certain practices for ensuring basic protection. Such practices include user awareness, antivirus software, access control, backup and protection of essential paper-based files. Therefore, it is essential for an SME to implement a basic level of security while setting up its business: antivirus software can fight virus attacks, and backups reduce the chances of data loss (Simpson 2016). The ISO provides SMEs with easy handling of the risk factors.

Small and medium-sized enterprises encounter numerous threats and vulnerabilities. SMEs are vulnerable to internal attacks, which comprise a huge part of the security threats that small industries face in the modern world. Employees who have access to sensitive data, network servers and admin accounts possess the capability of leaking vital information. Thus, the company suffers internal attack threats, which adversely affect the security of the organization (Janakiraman, Lim and Rishika 2018). In addition to internal threats, SMEs may also fall victim to phishing attacks, in which the attackers introduce malicious code, thus introducing malware into the business.
This attack is also difficult to recognize, as the mails appear to be sent by someone whom the recipient knows and trusts. Moreover, SMEs also fall victim to Distributed Denial of Service (DDoS) attacks. In this attack there are unusual cases of websites slowing to a crawl, and certain crucial services are forced offline. It hampers the functioning of the business through a massive increase in the amount of web traffic.

Malware is yet another form of threat by which almost all small and medium-sized enterprises are affected (Ab Rahman and Choo 2015). It is a kind of software that gets installed on the machine and is capable of performing tasks that solely benefit a third party and lead to harmful consequences for the host organization (Peltier 2016). It basically locks the important files and demands some amount of compensation for unlocking them.

The use of Bring Your Own Device technology by small and medium-sized industries introduces threats to the data secured within the organization, as employees might be using devices that include malicious applications (Rajeyyagari and Alotaibi 2018). This poses a risk to the corporate network, as a malicious application on the private devices of the employees possesses the potential to bypass security, enabling access to the network from within the company.

Moreover, poor security maintenance of websites by small and medium-sized enterprises opens them up to data theft by attackers and cyber criminals. SQL injection is one of the major threats to the organization among the existing security threats that adversely affect websites. It has an impact not only on small and medium-sized enterprises but also on large businesses (Kerzhner, Tan and Fosse 2015).
This threat allows attackers to tamper with and steal potential data and information from the database by utilizing the back end of the web applications. The hackers incorporate malicious code into the server database, which is capable of extracting potential and secured information, thereby posing security threats to the organizations.

Lack of cyber security knowledge also poses a threat to small and medium-sized businesses and increases the chances of cyber security risks (Topping 2017). This can lead to data breaches, as employees would reveal secured data due to the lack of cyber security awareness. A data breach can lead to tremendous loss to the company, including loss of reputation and business profits.

Computer security is of utmost importance for small, medium and large business enterprises. It incorporates the proper security maintenance of data so as to prevent instances of data breaches (Schatz and Bashroush 2016). The impact of data breaches leads to a decrease in the revenue of the organization as well as regulatory penalties. It may also lead to the loss of customer confidence, to reputational damage, and to a serious impact on innovation and the loss of prototypes and product designs. According to the cyber security report, 59% of organizations become vulnerable to cyber security threats (Champbell 2018). Moreover, due to the lack of awareness of cyber security and information security, there has been a tremendous increase in data breaching activities. Small and medium-sized organizations that are under security threats are also vulnerable to reputational damage. According to the researchers, about 49% of organizations are victims of loss of reputation due to leakage of data (Skroupa 2018).
It leads to the loss of customers and a decrease in business as the organization loses the confidence of its customers. The impact of loss of security extends to financial losses as well. The financial losses incurred by small and medium-sized organizations may extend to an average amount of $38000 to recover from a single data breach (Skroupa 2018). Thus, data breaches have a huge impact on small and medium-sized organizations. Moreover, there are monetary penalties associated with data breaches. These penalties are imposed on organizations that fail to prevent data breaches, and they also add to the financial losses of the organization.

Thus, from the above discussion it can be inferred that there is a huge need for an International Information Security Standard for Small Medium Enterprises, as the after-effects of information security breaches are far more adverse and have a negative impact on small and medium-sized organizations. We also mentioned the devastating effects of data breaches on organizations: they may cause huge financial loss and loss of reputation. Moreover, the penalty issues also demand great concern and call for an International Information Security Standard. Data breaches expose small and medium-sized organizations to various threats and vulnerabilities such as denial of service attacks and phishing attacks, including spear phishing. These attacks lead to data breaches and loss of customers. The use of risk mitigation techniques provides protection against data breaches, but there is still a huge need for the introduction of an International Information Security Standard.

References

Ab Rahman, N.H. and Choo, K.K.R., 2015. A survey of information security incident handling in the cloud. Computers & Security, 49, pp.45-69.

Champbell, N. (2018). Forbes Welcome. [online] Forbes.com.
Available at: https://www.forbes.com/sites/edelmantechnology/2017/10/11/cyber-security-is-a-business-risk-not-just-an-it-problem/#3108aaf57832 [Accessed 27 Mar. 2018].

Janakiraman, R., Lim, J.H. and Rishika, R., 2018. The Effect of Data Breach Announcement on Customer Behavior: Evidence from a Multichannel Retailer. Journal of Marketing.

Kerzhner, A.A., Tan, K. and Fosse, E., 2015. Analyzing cyber security threats on cyber-physical systems using Model-Based Systems Engineering. In AIAA SPACE 2015 Conference and Exposition (p. 4575).

Martínez-Pérez, B., De La Torre-Díez, I. and López-Coronado, M., 2015. Privacy and security in mobile health apps: a review and recommendations. Journal of medical systems, 39(1), p.181.

Skroupa, C. (2018). Forbes Welcome. [online] Forbes.com. Available at: https://www.forbes.com/sites/christopherskroupa/2017/07/11/cyber-security-effects-company-financial-performance/#18e8b5185c09 [Accessed 27 Mar. 2018].

Peltier, T.R., 2016. Information Security Policies, Procedures, and Standards: guidelines for effective information security management. CRC Press.

Rajeyyagari, S. and Alotaibi, A.S., 2018. A study on cyber-crimes, threats, security and its emerging trends on latest technologies: influence on the Kingdom of Saudi Arabia. International Journal of Engineering & Technology, 7(2.3), pp.54-58.

Romanosky, S., 2016. Examining the costs and causes of cyber incidents. Journal of Cybersecurity, 2(2), pp.121-135.

Schatz, D. and Bashroush, R., 2016. The impact of repeated data breach events on organisations' market value. Information & Computer Security, 24(1), pp.73-92.

Simpson, M.D., 2016. All Your Data Are Belong to Us: Consumer Data Breach Rights and Remedies in an Electronic Exchange Economy. U. Colo. L. Rev., 87, p.669.

Topping, C., 2017. The role of awareness in adoption of government cyber security initiatives: A study of SMEs in the UK.