MANAGING INFORMATION SECURITY IN SMALL AND MEDIUM SIZED ENTERPRISES: A HOLISTIC APPROACH


This paper discusses identified challenges affecting the execution of information security management (ISM) in SMEs and proposes an approach, based on the Soft Systems Methodology, to aid the growth and adoption of ISM systems. A case study is given to demonstrate the effectiveness of the proposed approach, and the stages of the approach are explained diagrammatically.

A large part of global economic movement is constituted by SMEs, and because of the varying characteristics of these enterprises, the approach to information security management used for larger organisations cannot suffice for SMEs, which is why Tawileh et al. (n.d.) proposed an approach.

Raising awareness of the consequences of information security problems in SMEs cannot alone solve the problem, as physical resources, time and a reasonable level of technical expertise must also be put together. I concur with Tawileh et al.'s argument that the available approaches were designed specifically without having SMEs in mind, since they may not be able to afford the cost implication of solving information security problems.

Listed below are some of the many challenges hindering the development of information security within SMEs:

LIMITED FUNDS- They are not financially strong enough to bear the cost of solving information security problems.

TIGHT BUDGETS- They already have budgets for running their organisation, which cannot allow additional cost.

LIMITED HUMAN RESOURCES- Their staff strength is low compared to larger organisations.

UNSTABLE BUSINESS ENVIRONMENT- Due to the pressure from competition, the business environment is ever-changing.

The holistic approach to information security management avoids the limitations of previous methods and is based on four stages:

Define Goals- This has to do with defining the objectives they seek to achieve by the proper management of information security.

Identify Actions- This is the process of listing out the strategies intended to help solve the challenges facing SMEs and aid proper management of information security.

Implement and Monitor- This is the stage where the identified strategies are put into action and are constantly monitored to determine their effectiveness.

Review- This is the final stage where evaluation is performed upon determined effectiveness to ensure its integration.

A case study was used to illustrate the effectiveness of this approach in identifying required actions to be taken and allocating responsibilities. It was carried out in a short time and with little financial investment, proving the capability of the method for SMEs.

REFERENCE

Tawileh, A., Hilton, J., McIntosh, S. (n.d.). Managing Information Security in Small and Medium Sized Enterprises: A Holistic Approach. Retrieved 04 March, 2013 from <http://www.tawileh.net/anas/files/downloads/papers/InfoSec-SME-ISSE.pdf?download>
