GENERAL BLOG POSTS

MY REFLECTION ON THE BLOCK TEACHING


I enjoyed every bit of the lecture sessions, as the lectures were very engaging. We learnt about CLOUD COMPUTING, and the class was divided into groups for further discussion of the topic, after which each group gave a presentation of its reflections. One brainstorming question that threw the class into an uproar was WHO GOVERNS THE CLOUD? This question generated many responses, ranging from individuals to organizations, the government, etc.
A touching part of the block was the reflection on how to make the internet more accessible for Paraplegic Olympians. We also worked in groups, and each group discussed different factors: political, economic, technological, and so on. My group discussed customer needs, and we responded actively.
Another interesting session was the LEGO session introduced by Dr. Marie. We were to construct different innovative ideas we had. The whole essence of this was to show how innovative in IT we can be and the potential that exists in our subconscious.

LEGO


WEBINAR BY KEN KLIKA- INFORMATION SECURITY IN SMEs


This webinar teaches how to improve the efficiency and availability of IT resources and applications through virtualization and discover how you can leverage technologies used in enterprise-class data centers, and reap the benefits of virtualization and cloud computing at an affordable price.

INFORMATION SECURITY BEST PRACTICES FOR SMALL BUSINESSES BY WARD BUCHANAN- Part 1


This video by Ward Buchanan stresses the need for effective information security in SMEs. He said many small business owners think they do not need to invest in information security because it is expensive, does not reduce their operating costs and does not generate revenue in any way, but his response is that not being information-security conscious has the potential to ruin the whole business, so it is left to business owners to decide wisely.
He further said “in this age where cyber crime has grown at an enormous rate, it is not an option not to have protection in place”, adding that the level of IS in any SME should be commensurate with the level of business it is doing, because different types of business collect and store different types of data, e.g. health care businesses are expected to store patient information and therefore need to protect it and ensure patients’ privacy or risk facing legal battles for leaking patient health information. He listed possible threats, which include:
• Computer Viruses
• Identity theft
• Data loss
• Employee fraud and theft
• Loss of physical equipment
The impacts these threats can have on the business include, amongst others:
• Loss of Proprietary Information
• Loss of Financial Information
• Loss of customer information and confidence
• Litigation
• Penalties: government penalties for not taking efficient pre-emptive measures
Listed below are the requirements to be considered when determining the security model that the business should adopt:
• Describe the business and what it does
• Define activities that support business
• Identify information required by the above activities
• Classify information sensitivity
• Identify those who need access to the information
• Identify impact for applicable laws
• Identify and evaluate risks and actions to be taken
Everyone needs to be involved and to know the need for security. Hence, these steps are to be followed in implementing information security:
• Designate who is responsible for managing security
• Secure your physical location
• Set up secure storage space
• Get employees to sign non-disclosure agreements
• Install network security components
REFERENCE:
Ward B, (2010). Available on youtube, Retrieved on 07 March, 2014 from

CLOUD COMPUTING & SMEs IN UK- A REPORT FROM THE CLOUD STEWARDSHIP ECONOMIC GROUP PROJECT


Iffatt Gheyas and Bruce Hallas, the authors of this report, state their findings from a survey carried out among SMEs in the UK, exploring fresh insights about the adoption and use of cloud computing. These SMEs, of which only 93 responded to the survey, were categorized based on their annual turnover rate, years of operation, staff strength, and number of operating locations within the UK and without.

Key findings from this research include the following:

  • SMEs with a relatively low annual turnover of under £100k are relying more heavily on IT & cloud computing to sustain and grow than any other organizations.
  • Priority areas for IT investment (a key strategic resource) are Operations, Marketing and Sales.
  • All respondents hold, access or process personal and commercially sensitive information about their clients or clients' customers.
  • In most SMEs, Director/ Chief Executive/Business Owner is responsible for information security and for identifying threats. It means that SMEs are fully aware of the importance of cyber security and understand the concerns of various governments and customers about security.
  • Our brief survey suggests that, in spite of their awareness of the prevalence of information security risks and its impact on the business, most of them are not following the IT security best practices.
  • Almost half of the small local businesses with annual turnover less than £100k do not have an information security policy.
  • A significant majority of the SMEs surveyed do not have a business continuity policy plan and have never assessed the impact a breach of confidentiality and/or availability would have on their business's cash flow, profitability and reputation.
  • Most SMEs choose price over security.
  • The majority of SMEs see 'Data Retention Policy' and 'Terms & Conditions of Supply' as the most important criteria for the BPO vendor selection process.
  • An overwhelming majority of respondents, regardless of class characteristics, view "Legal system which governs SME's relationship with their supplier" as the most critical success factor for IT outsourcing.
  • Companies with higher earnings prefer single vendor solutions, while companies with lower earnings prefer multi-vendor outsourcing.

MY REFLECTION

From this report, it is obvious that SMEs with relatively low annual turnover are using cloud computing more intensively than SMEs with a higher level of turnover, which negates the postulation of Kelly, L. (2014) that “SMEs face the same information security threat as larger enterprises but without their budgets”. Many authors are of the opinion that financial incapacitation is the main reason why SMEs do not invest in information security, which may be right. Nevertheless, this report, based on a valid survey, shows that SMEs are aware of information security and that, beyond a lack of finances, they simply decide not to invest in it because they feel it is not cost-effective.

 

REFERENCES:

Gheyas, I. and Hallas, B. (2011). Cloud computing and SMEs in UK. Retrieved on 05 March 2014, from <https://www.iisp.org/imis15/CMDownload.aspx?ContentKey=c0d6c3b7-81db-4c64-b9ec-a5e028aea4fd&ContentItemKey=f5a4ded3-937e-4f60-8933-cf1ed948640b>.

Kelly, L. (2014). ComputerWeekly.com. The Top 5 SME Security Challenges. Retrieved 05 March, 2014 from < http://www.computerweekly.com/feature/The-top-five-SME-security-challenges>

 

 

EU SMES IN 2012: AT THE CROSSROADS. ANNUAL REPORT ON SMALL AND MEDIUM-SIZED ENTERPRISES IN THE EU, 2011/12


The European Union faced challenging economic conditions in 2011/12, with an intensifying sovereign debt crisis in the euro zone, the spectre of double-dip recession for several countries and weakening growth in even the better performing nations. Throughout the downturn, however, SMEs have retained their position as the backbone of the European economy, with some 20.7 million firms accounting for more than 98 per cent of all enterprises, of which the lion’s share (92.2 per cent) are firms with fewer than ten employees. For 2012 it is estimated that SMEs accounted for 67 per cent of total employment and 58 per cent of gross value added (GVA). These figures point to a virtual standstill as compared to the preceding year, 2011. With more than 87 million persons employed, the EU’s SMEs continue to be the backbone of the EU economy. However, the difficult economic environment continues to pose severe challenges to them. This is also reflected in the key findings of the report:

1. With the EU economy threatening to dip into recession again, SMEs in the EU as a whole continue to struggle to recover to pre-crisis levels of value added and employment. Yet, SME performance varies considerably among Member States.

2. SMEs in Austria and Germany have exceeded their 2008 levels of gross value added (GVA) and employment in 2011. SMEs in Belgium, Finland, France and Luxembourg have, on average, experienced an anaemic performance since 2008. In the other 20 Member States, SMEs have been so far unable to bounce back to their pre-crisis levels of either GVA or employment.

 

3. A number of factors explain why SMEs have recovered well in very few countries. First, it appears to help if an economy, such as Germany’s, is strong in high-tech and medium high-tech manufacturing and knowledge-intensive services. Second, sectoral labour productivity levels are higher when the sector shows higher investment rates and higher export rates, and when the sector belongs to high-tech and medium high-tech manufacturing and knowledge-intensive services. Again, Austria and Germany have generally met these conditions. Third, the real value added growth in these best performing Member States is a result of both employment growth (boosting aggregate demand) and real productivity growth, with the contribution of the former being clearly the dominant one.

4. As regards the industrial picture, most sectors experienced a recovery in GVA growth for SMEs in the EU combined with declining or flat SME employment (overall remaining much lower than the pre-crisis levels of 2008). The sole exceptions were trade, transportation and services. SMEs operating in the mining & quarrying sector performed least well.

5. Notwithstanding some positive effects on labour productivity, the main result of these trends is a ‘jobless growth’ for the EU’s SMEs.

 

REFERENCE:

Wymenga P., Spanikova V., Barker A., Konings J., and Canton Erik (2012). EU SMEs in 2012: at the crossroads. Annual Report on Small and Medium-sized Enterprises in the EU, 2011/12. Retrieved on 5 March, 2014 from <http://ec.europa.eu/enterprise/policies/sme/facts-figures-analysis/performance-review/files/supporting-documents/2012/annual-report_en.pdf>

 

THE TOP FIVE SME SECURITY CHALLENGES


SMEs face the same information security threats as larger enterprises but without their budgets. The article offers insights on how to make SMEs more secure without using unmanageable and old-fashioned systems. According to the article, the five significant challenges faced by SMEs are:

THE CLOUD SECURITY RISK FOR SMEs

The cloud is a technology many SMEs are interested in because of the benefits of flexibility, pay-for-use and reduced hardware investment. But there remain questions over its security.

David Lacey, director of research at the Information Systems Security Association (ISSA-UK) said the cloud is a good solution for SMEs if they choose professional, reliable service providers. Who’s responsible for security in the cloud? It is a personal decision, but all should be very wary of putting personal information into the cloud.

SECURITY REGULATION COMPLIANCE FOR SMEs

Compliance is a painful process for many SMEs. However, there is no avoiding compliance, even if it does not necessarily lead to better security. Compliance is about covering yourself, passing on the problems and ticking all the boxes.

The tick-box culture large companies perpetuate and wrap up in corporate speak is meaningless for SMEs but they should work with trusted advisors on compliance. SMEs should try to understand where their assets are and focus security controls there.

However, the main benefit of compliance is to get the attention of the board, because the CEO must sign a top-level policy document to ensure confidentiality and integrity to comply with standards such as ISO 27000.

THE CHANGING SME THREAT LANDSCAPE

Like many IT security firms, Dell SecureWorks is constantly surveying the changing threat landscape. Coburn said SMEs are increasingly being targeted, but many believe they are under the radar and not in the sights of cyber criminals.

Malware is becoming more sophisticated. Aurora and Stuxnet are very sophisticated, all targeted at siphoning financial information.

It was put forward that a very good method to create awareness for SMEs is through:

SECURITY EDUCATION AND TRAINING FOR SMES

Constant education and training around IT security is necessary to help reduce human error.

There’s nothing the industry can do to solve the problem. Human error lets security down. Most secure organizations spend time and money on staff and until SMEs begin to train awareness, they are not secured. Common sense only becomes common sense when you know the right thing to do.

ISSA5173 SECURITY STANDARD TARGETS SME NEEDS

To combat some of the issues SMEs face, the Information Systems Security Association (ISSA-UK), where Lacey is director of research, is creating a new security standard for small businesses, called ISSA5173.

SMEs are different from large organisations, not in security threats which are the same, but more in the way they operate. SMEs don’t need paper and labour-intensive controls that big companies like. The new standard suggests looking at policies, procedure and education. The pressure on SMEs is to grow their business and security is often low on the to-do list.

Meanwhile, the security landscape has changed out of all recognition with the impact of the internet and an increasingly mobile workforce, which has transformed the way people communicate. The future of security is complex as we are facing a data Tsunami with a 60% growth in mobile data. The threats are more sophisticated, data breaches more damaging, users have left the buildings and the applications have followed. There has been an increase in data legislation around the world because it is citizen-friendly and cheap, but reliance on standards and a herd-mentality towards security is leading to a world of compliance and policies, which does not necessarily improve security, said Lacey.

REFERENCES:

Computerweekly.com (2014). The Top Five SME Security Challenges. Retrieved on 5 March, 2014 from < http://www.computerweekly.com/feature/The-top-five-SME-security-challenges>

THE CLOUD DIVIDEND: ECONOMIC BENEFITS OF CC TO BUSINESS AND THE WIDER EMEA ECONOMY


This is a summary of the report on, and results of, an independent study to quantify the economic benefits of cloud computing to business and to Europe’s five largest economies (in alphabetical order: France, Germany, Italy, Spain and the UK). The study was undertaken by the Centre for Economics and Business Research Ltd (Cebr) on behalf of EMC, a global commercial technology company providing systems, software and services to its business clients. The following were discovered:

  • Widespread adoption of cloud computing has the potential to generate over €763 billion worth of collective financial benefits in the years 2010 – 2015 across the five economies.
  • A forecast yearly economic benefit in excess of €177 billion by 2015, which represents a 23.2% share of the collective benefits over the six-year period; this would create a heavy workload for cloud service providers and customers.
  • In excess of 2.3 million net jobs (direct and indirect) created between 2010 and 2015 on a collective basis; CC adoption could yield 446 thousand new jobs annually by 2015 across the five economies.

What this study shows is that, not only is cloud computing an important issue from the micro perspective of boosting the efficiency of individual companies’ IT investment and, hence, general corporate productivity, but also that, especially in the present uncertain economic climate, it will also be a critical macroeconomic factor that is crucial for boosting Europe’s economic growth. As such, the study is an important contribution outlining one of the most important ways that European economies can revive and emerge from the economic crisis.

From the above, it is evident that the benefit of cloud computing is changing the turnover of organizations, with more to come in the next few years. This means CC has come to stay, and not just that, but to improve the operations and activities of the organizations that adopt it, whether SMEs or large.

REFERENCE:

UK. Centre for Economic and Business Research (2010). The Cloud Dividend: Part One. The economic benefits of cloud computing to business and the wider EMEA economy. France, Germany, Italy, Spain and the UK. Retrieved on 04 March, 2014 from < http://uk.emc.com/collateral/microsites/2010/cloud-dividend/cloud-dividend-report.pdf>

MY REFLECTION ON ADVANCED PERSISTENT CYBER THREATS IN ORGANIZATIONS


No matter the size of an organization whether large or SMEs, advanced cyber-attacks such as Advanced Persistent Threats, represent a credible threat and risk to the organization and Information Security officers  must address the risk these adversaries pose to their organization.

A four-step process for countering advanced cyber attack which is a big Information Security Challenge is provided below by The CISO’s Guide to Advanced Attackers (2012).

  • Gather intelligence
  • Mine for cyber threat indicators
  • Respond to information security alerts
  • Break the “kill chain” or cyber-attack process

 I posit that beyond the Financial Incapacitation challenge that has been identified as a major reason for SMEs not being able to tackle IS issues, corrective measures like the above listed should be adopted instead of focusing on the assumed complexities. 

REFERENCE:

The CISO’s Guide to Advanced Attackers (2012). Retrieved on 05 March, 2014 from < http://go.secureworks.com/lp-ciso-guide-advanced-attackers>.

KNOWLEDGE MANAGEMENT- GROUP PRESENTATION


The above video is Group Alpha’s presentation on KNOWLEDGE MANAGEMENT; I was a member of the group, and we were awarded the best. What we discussed, basically, were: key concepts/theories of KM, examples of organizations that have used KM effectively, and findings through an information artefact.

Knowledge Management is a concept that arose about two decades ago, roughly in 1990 and it simply means organizing an organization’s information and knowledge holistically. Very early on in the KM movement, Davenport (1994) offered the still widely quoted definition:
“Knowledge management is the process of capturing, distributing, and effectively using knowledge.”
A few years later, the Gartner Group created a second definition of KM, which is perhaps the most frequently cited one (Duhon, 1998):
“Knowledge management is a discipline that promotes an integrated approach to identifying, capturing, evaluating, retrieving, and sharing all of an enterprise’s information assets. These assets may include databases, documents, policies, procedures, and previously un-captured expertise and experience in individual workers.”
Both definitions share a very organizational, a very corporate orientation which is primarily about managing the knowledge of and in organizations.

I will not forget to add that the basis of any derivable knowledge started from DATA which underwent some PROCESSES to become understandable INFORMATION.

There are three categories of Knowledge which are Explicit, Implicit and Tacit Knowledge.
Explicit Knowledge has to do with information that is set out in tangible form.
Implicit Knowledge has to do with information that is not set out in tangible form but could be made explicit.
Tacit simply means Knowledge in one’s head that one would have extreme difficulty operationally setting out in tangible form (Koenig E. D., 2012).
Other KM issues are discussed in the presentation above.

REFERENCES:
Davenport, Thomas H. (1994). Saving IT’s Soul: Human Centered Information Management. Harvard Business Review, March-April, 72 (2), pp. 119-131.

Duhon, Bryant (1998). It’s All in our Heads. Inform, September, 12 (8).

Koenig E. D., (2012). What is KM? Knowledge Management Explained. Retrieved on 04 February, 2014 from < http://www.kmworld.com/Articles/Editorial/What-Is-…/What-is-KM-Knowledge-Management-Explained-82405.aspx>.

An Integrative Study of Information Systems Security Effectiveness in SME’s


Organizations are increasingly relying on information systems (IS) to enhance business operations, facilitate management decision-making, and deploy business strategies. The dependence has increased in current business environments, where a variety of transactions involving trading of goods and services are accomplished electronically, and as organizations become increasingly dependent on IS for strategic advantage and operations, the issue of IS security also becomes increasingly important. Increased organizational dependence on IS has led to a corresponding increase in the impact of IS security abuses. While such a trend would suggest IS security as a key management issue, this has not been the case in practice.

 

In the interconnected electronic business environment of today, security concerns are paramount. Management must invest in IS security to prevent abuses that can lead to competitive disadvantage. Using the literature on security practices and organizational factors, this study develops an integrative model of IS security effectiveness and empirically tests the model. The data was collected through a survey of IS managers from various sectors of the economy. SMEs were found to engage in fewer deterrent efforts compared to larger organizations. Organizations with stronger top management support were found to engage in more preventive efforts than organizations with weaker support from higher management. Financial organizations were found to undertake more deterrent efforts and have stiffer deterrent severity than organizations in other sectors. Moreover, greater deterrent efforts and preventive measures were found to lead to enhanced IS security effectiveness (Kankanhalli A., et al., 2009).

 

Risk analysis is the predominant technique used by information security professionals to establish the feasibility of information systems controls. Yet it fails an essential test of scientific method: it lacks statistical rigour and is subject to social misuse. Adoption of alternatives from other disciplines, however, proves even more implausible. Indeed, even improved rigour in risk analysis may limit its usefulness. Perhaps risk analysis is misconceived: its ostensible value as a predictive technique is less relevant than its value as an effective communications link between the security and management professionals who must make decisions concerning capital investments in information systems security (Baskerville R., 1991).

 

REFERENCES:

Baskerville R., (1991). Risk analysis: an interpretive feasibility tool in justifying information systems security. European Journal of Information Systems (1991) 1, 121–130. doi:10.1057/ejis.1991.20. Retrieved on 28 February 2014 from <http://www.palgravejournals.com/ejis/journal/v1/n2/abs/ejis199120a.html >

Kankanhalli A., Hock-Hai T., Bernard C.Y., Kwok-Kee W., (2009). An Integrative Study of Information Systems Security Effectiveness. International Journal of Information Management. Retrieved on 28 February 2014 from http://www.researchgate.net/profile/Hock_Teo publication/222417677_An_integrative_study_of_information_systems_security_effectiveness/file e0b495265c7016604b.pdf