Thursday, December 5, 2019
Need for an International Information Security-Free-Samples
Question: Discuss the need for an International Information Security Standard for Small Medium Enterprises.

Answer:

The need for an International Information Security Standard for Small Medium Enterprises

Information security standards help SMEs keep their information assets secure. They help the organization manage the security and privacy of assets such as financial information, employee details, intellectual property and other confidential data. In small and medium enterprises (SMEs), the adoption of information security standards is a beneficial factor that fosters growth, competitiveness and innovation (Janulevicius et al. 2017). Information security standards mitigate the information security risks that become a threat to privacy. Users are more concerned about the handling of their data by the business, as well as about customer trust. Skolmen and Gerber (2015) discussed that an information security framework is a series of documented processes used to define policies and procedures around the implementation of information security controls. The framework is a blueprint for building an information security program to manage risks and reduce vulnerabilities. Panjwani, Jantti and Sormunen (2016) argued that security frameworks are used to solve information security issues in a way that meets the customized requirements of the SME.

Drivers to pursue information security and privacy standards

Luhach, Dwivedi and Jha (2014) stated that adopting information security standards indicates that the organization is committed to implementing security mechanisms to protect its data. Implementing, maintaining and enforcing internal policies through the use of standards is an effective means of showing commitment to organizational regulations. Saa et al. (2017) discussed the drivers for pursuing information security and privacy standards.
SMEs suffer severe impacts on their information systems and networks, which can lead to negative business effects. Scharnick, Gerber and Futcher (2016) argued that adopting information security standards is an effective means of mitigating these risks. Among internet users, risks arise in online transactions, such as mistrust regarding personal data and the security of online payments. Users are concerned when handing data over to a business. Customer trust is a relevant decision factor that gives the SME an advantage. SMEs need to demonstrate compliance with information security and privacy requirements. Failure to comply with business requirements has a negative impact and long-term consequences for the SME's business. Da Xu, He and Li (2014) discussed that information security standards offer a significant competitive advantage to the SME by improving the products and services the organization offers. When an SME adopts information security standards, its customers contribute to its competitive advantage when it deals with corporate clients from the private as well as private sector.

Barriers to SME adoption of information security standards

Terzi, Terzi and Sagiroglu (2015) illustrated the barriers to SME adoption of the information security standards that are developed and published by international standards development organizations. SMEs use the EU level to identify which standards are suitable for the organization to secure information and data. Most SMEs are aware of the ISO/IEC 27000 series. SMEs face difficulties in identifying the standards that meet their business needs. Heikkila et al. (2016) stated that SMEs that store, process and transmit cardholder and personal data are not aware of their specific obligations.
Information security and privacy risks have become relevant issues in the organization that require attention from management. In the current economic environment, SMEs need to focus their efforts on staying competitive in core operations and expanding in a dynamic business atmosphere. Luhach, Dwivedi and Jha (2014) stated that achieving growth and innovation through the use of new technologies, in addition to corporate governance, are the top priorities of European SMEs. SMEs must achieve growth with limited resources, which have to be allocated within strict time and budget constraints. SMEs rely on ICT systems to support their business processes, and it is business size that justifies the employment of dedicated individuals for ICT functions. SMEs decide whether to internalize ICT services or outsource them. When ICT services are outsourced, there is a lack of internal knowledge about information security and about the providers' customer security features.

Al-Ghofaili and Al-Mashari (2014) argued that limited access to information security capabilities contributes to the vulnerabilities of SMEs. Da Xu, He and Li (2014) stated that adopting information security standards requires allocating information security roles to particular employees. These security roles are needed to manage the standards, and this is beyond the human resources of an SME. Implementing information standards is time consuming, with limited staff available to assist with the deployment and maintenance of compliance. SMEs are aware of the potential impacts of disrupted business services due to technical incidents, and of how risk management protects against the threats and vulnerabilities applicable to information assets (Skolmen and Gerber 2015).
Adopting an information security standard is a key tool for developing a structured approach to risk mitigation; in a risk environment, the organization is required to adopt the best standards. Terzi, Terzi and Sagiroglu (2015) concluded that a risk management framework and implementation guidelines for small organizations can enable and support them. An ongoing issue for organizations is that there is not enough guidance on the specific controls they must implement to comply with personal data protection laws. Da Xu, He and Li (2014) concluded that the barriers to information security standards are related to implementation aspects. These are difficult for non-technological SMEs to comprehend. There is also a concern that the language used is complex for SMEs at the early stages of the adoption process (Panjwani, Jantti and Sormunen 2016). SMEs are also unaware of the flexibility that information security standards provide in the implementation and monitoring of controls.

Recommendations to increase the level of adoption of information security standards

This study also proposes recommendations to facilitate the adoption of information security standards by small businesses. The recommendations are provided across five domains, such as increasing knowledge and engagement, providing mechanisms to foster standard adoption by SMEs through regulatory compliance, facilitating standards implementation, and fostering cooperation with stakeholders to improve information security standardization for SMEs. SMEs are recommended to use the ISO/IEC 27000 standards, a popular standard that provides requirements for an SME information security management system. It is a systematic approach to managing sensitive company information so that it remains secure. The ISO 27000 information security standard was developed by the international standard organization.
It provides a framework that can be applied to organizations of various types and sizes. By adopting the ISO/IEC 27000 standard, SMEs solve their security-related problems and prevent security-related issues from arising. This framework includes physical as well as technical controls that are involved in the organizational risk management processes.

References

Al-Ghofaili, A.A. and Al-Mashari, M.A., 2014, August. ERP system adoption traditional ERP systems vs. cloud-based ERP systems. In Innovative Computing Technology (INTECH), 2014 Fourth International Conference on (pp. 135-139). IEEE.

Da Xu, L., He, W. and Li, S., 2014. Internet of things in industries: A survey. IEEE Transactions on industrial informatics, 10(4), pp.2233-2243.

Heikkilä, M., Rättyä, A., Pieskä, S. and Jämsä, J., 2016, June. Security challenges in small-and medium-sized manufacturing enterprises. In Small-scale Intelligent Manufacturing Systems (SIMS), International Symposium on (pp. 25-30). IEEE.

Janulevičius, J., Marozas, L., Čenys, A., Goranin, N. and Ramanauskaitė, S., 2017, April. Enterprise architecture modeling based on cloud computing security ontology as a reference model. In Electrical, Electronic and Information Sciences (eStream), 2017 Open Conference of (pp. 1-6). IEEE.

Luhach, A.K., Dwivedi, S.K. and Jha, C.K., 2014, December. Applying SOA to an E-commerce system and designing a logical security framework for small and medium sized E-commerce based on SOA. In Computational Intelligence and Computing Research (ICCIC), 2014 IEEE International Conference on (pp. 1-6). IEEE.

Panjwani, M., Jäntti, M. and Sormunen, J., 2016, September. IT Service Management from a Perspective of Small and Medium Sized Companies. In Quality of Information and Communications Technology (QUATIC), 2016 10th International Conference on the (pp. 210-215). IEEE.

Saa, P., Moscoso-Zea, O., Costales, A.C. and Luján-Mora, S., 2017, June. Data security issues in cloud-based Software-as-a-Service ERP. In Information Systems and Technologies (CISTI), 2017 12th Iberian Conference on (pp. 1-7). IEEE.

Scharnick, N., Gerber, M. and Futcher, L., 2016, August. Review of data storage protection approaches for POPI compliance. In Information Security for South Africa (ISSA), 2016 (pp. 48-55). IEEE.

Skolmen, D.E. and Gerber, M., 2015. Protection of personal information in the South African Cloud Computing environment: A framework for Cloud Computing adoption (pp. 1-10). IEEE.

Terzi, D.S., Terzi, R. and Sagiroglu, S., 2015, December. A survey on security and privacy issues in big data. In Internet Technology and Secured Transactions (ICITST), 2015 10th International Conference for (pp. 202-207). IEEE.