Essay about The Need for Information Security Management for Small to Medium Size Enterprises

Words: 4578
Pages: 19

The Need for Information Security Management for Small to Medium Size Enterprises
ICT 357 Information Security Management
Leong Yuan Zhang
31741147
Trimester 1
Murdoch University

Contents Abstract 2 Introduction 2 Justifying The Need for Sound Information Security in Any Organisation 2 Linking Business Objectives with Security 3 Incident Response Management and Disaster Recovery 4 Mobile Device Security Managment 5 Biometric Security Devices and Their Use 6 Ethical Issues in Information Security Management 7 Security Training and Education 7 Defending Against Internet-Based Attacks 8 Industrial Espionage and Business Intelligence Gathering 9 Personnel Issues in Information Security 9 Physical Security Issues in Information
…show more content…
Proctor also provided a table which list down the common security roles and the ideal personnel to handle it:

Table 1

Linking security with business visions is also important as it would allow for better persuasion to the top managements to approve or push through with security purchases, master plans or policy changes. To achieve this, the motion put forth must undergo a 5 step structured framework - assess, analyse, strategize, align and communicate.

Assess the company's current and future security role so as to achieve a good understanding of the current security model. Details on the security capabilities within the employees, processes and current technologies should be documented properly for the next step to be carried out with more accuracy.

After collecting the raw data, using analytical tools and method to conduct a security gap analysis will show the differences between the current security model and the preempted requirements. With a clear overview of what needs to be do, next phase planning can be done to piece together to form a viable and strong strategy. Executives and managers at all levels must understand the new steps that are to be undertaken for the new strategy. Such communications may be more effective in SMEs than larger organisations as the members of the security planning may be key personnel that are required to participate rather than a separate IT security team (PricewaterhouseCooper).