International Information Security for Small Medium Enterprises

Write a reflective practice essay on Need for International Information Security Standard for Small Medium Enterprises.


The organisations of different sizes depend upon information technology and the networks for operation processes. There are different requirements and it is necessary to ensure that the data and the system are protected in a correct way against the security breaches. It has been found that there is no such evidence to suggest that the different types of security practices are held properly in the small and medium enterprise environment.  It can be said that the growth of internet for the small and the medium enterprises is considered to be a growing problem. The Department of Trade and Industry(2004) highlighted that more than 74% respondents has responded to the security problem in different years and this has damaged the business reputation as well as caused discontinuity in the business problem (Dimopoulos et al. 2004). The organisations that were dependent on internet were exposed and more than 78% of the organisations were ensured that they were protected and thus different approaches were used in risk assessment. This paper will highlight the need of international information security for small and medium enterprises. It will draw different literatures and also discuss my opinion on the particular topic.


It is vital to establish a security system because with the passage of time new threats and vulnerabilities have been discovered on a daily basis and this has helped in assessing the different types of risks that is exposed to the organisations. It is necessary for the organisations to be sure that they have an appropriate and proper appreciation system that will help in protecting their assets as well as saving the vulnerabilities accordingly. This is possible with the help of risk assessment and thus it can be defined as the analytical and the systematic process that is used for the assessment of the threats and thus it lays impact on the vulnerability process and the information processing facilities with the possible likelihood of occurrence of that particular problem (Kluge and Sambasivam 2008). The process of risk management is associated with identification, selection and proper implementation of the various countermeasures that are beneficial for reducing the identified levels of threats in the organisation. There are different steps involved in the identification and protection of threats and these are related to different assets.  The importance and value of risk assessment is recognised and there are significant proportions of different companies that do not perform different types of risk assessment and thus it suggests the likelihood and the possibility of the problem that is to be assessed. 
There are different drivers of mitigating the information security risks and this are related to the adoption of information security and the different privacy standards that are used effectively in mitigating the risk. On the other hand, the threats to different kind of information privacy as well as security will vary from the inadvertent events to different kinds of deliberate attacks that pose risk to the small and the medium enterprises. On the other hand, I think that it increases the trust of the consumers because the users are much more concerned in handling the data and thus trust plays an important role in the decision making process in the organisation. There must also be adoption of better standards and this indicates that the customers are committed for the development of the organisation in the long run. They also help in enforcing the different types of security mechanisms that plays an important role in protecting their data (Yeboah-Boateng and Essandoh 2014). 
According to Ernest Chang and Ho (2006), the different security products or technology cannot play an important role in protecting the organisation without better management implementation as well as policies. It can be said that information security is not considered to be a primary technical problem for the different organisations but it is considered to be an important management issue. It is restricted by different factors and it is the responsibility of the organisation to work in accordance with the business partners with the help of different communication networks. During the data exchange process, there must be no security problems and a proper information strategy is necessary in this case. Dojkovski et al. (2007) has stated that the small and the medium enterprises are in a disadvantageous position in the development of secured employee behaviour. There must be strong and proper information security culture in the SME’s and this may be due to the behavioural issues in the organisation. There are certain conceptual frameworks in different organisations that helps in the development of information security culture that are fragmented and preliminary for every organisation. 
According to Subba Rao et al.(2003), it has been stated that the SME owners are not considered to be supportive of any type of information security neither in time or in budget. The SME’s that are based in the particular home country will not pay huge cost for security issues. There are some people who lacked specialised knowledge in different security technologies and it is necessary to retain this security and thus provide immediate convenience. On the other hand, it is also necessary to give higher priorities to the other business tasks and the SME’s reviews the necessary information security that is required in this case. Sultan(2011) has stated that the organisations also use different types of cloud based software for up gradation of IT technology and there must be continuous up gradation of the different software’s and hardware’s that are used in the entire system. There are many companies that are using the cloud computing services and thus they are able to take advantage of the new systems and processes at an affordable cost. There are different complexities faced by the organisation in computation of the cloud services and these are controlled by the vendors and appropriate security is provided to them accordingly.

Place Order For A Top Grade Assignment Now

We have some amazing discount offers running for the students

Place Your Order

Gupta, Seetharaman and Raj (2013) has stated that the small business enterprises employ the employees who has to work even outside the actual office location and there must be proper ease of access of the data. The finance and the accounting task are often outsourced to different organisations and even to the cloud computing devices. This will avoid continuous problem of the hardware and the small and the medium enterprises will try to use the cloud technologies and thus maintain the woes in the organisation. There must also be replacement of file transfer protocol in the different organisations and this is considered to be much easier than the other processes and systems. I can say that this cloud approach will help in eliminating the different types of administrative overhead and also provide proper permission access from any particular location around the world. According to Eranest Chang and Lin(2007), it has been stated that information security is considered to be a vital concern for every organisations that are engaged in better security practices and thus remain proactively engaged for the day-to0day business operations. This plays an important role in the success of the organisation and the employees are considered to play the most important role in information security and practices. I think it is necessary to identify a reasonably and effective security control system that is considered to be very complex and complicated and thus it requires special resources in solving the complicated problem. 
According to Dimopoulos et al.(2004), it has been found that the environment of  SME’s are characterised by the lack of IT security system and there are many organisations who do not employ proper people in accordance with the size of the organisation. However, in some cases, it has been found that the organisations sometimes face serious difficulties in the incidents that take place and thus there lies no point of contact among the different organisations. I think that the different factors and the barriers plays an important role in pursuing the adoption of different standards and thus it will help in improving the information security and also standardize the different security level in the SME’s . There must be better public administrations and this will help in the development of the centralised catalogues with the available information and thus it will be applicable in case of SME’s. Moreover, I also find that the SME’s that are developing must try to build better information standards and thus promote in the participation of the development process that will help in enforcing the compliance standards and supply necessary information accordingly. 


Therefore, it can be said that there are different evidences and significance of the problem that are faced by the SME’s and thus it leads to unavoidable experiences that are considered to be a part of the risk assessment. However, in terms of recognizing the different constraints that are in terms of expertise, budget and awareness, it becomes difficult for the organisation to check whether the situation is improving or there must be some fundamental changes to the different approaches that are available in the organisation. Therefore, assessment of risk analysis and different types of methodologies will play an important role in eliminating the drawbacks and thus assisting the SME’s in the assessment of risks. 


Dimopoulos, V., Furnell, S., Jennex, M. and Kritharas, I., 2004, November. Approaches to IT Security in Small and Medium Enterprises. In AISM (pp. 73-82).
Dojkovski, S., Lichtenstein, S. and Warren, M.J., 2007, January. Fostering Information Security Culture in Small and Medium Size Enterprises: An Interpretive Study in Australia. In ECIS (pp. 1560-1571).
Ernest Chang, S. and Ho, C.B., 2006. Organizational factors to the effectiveness of implementing information security management. Industrial Management & Data Systems, 106(3), pp.345-361.
Ernest Chang, S. and Lin, C.S., 2007. Exploring organizational culture for information security management. Industrial Management & Data Systems, 107(3), pp.438-458.
Gupta, P., Seetharaman, A. and Raj, J.R., 2013. The usage and adoption of cloud computing by small and medium businesses. International Journal of Information Management, 33(5), pp.861-874.
Kluge, D. and Sambasivam, S., 2008, November. Formal information security standards in German medium enterprises. In CONISAR: The Conference on Information Systems Applied Research..
Subba Rao, S., Metts, G. and Mora Monge, C.A., 2003. Electronic commerce development in small and medium sized enterprises: A stage model and its implications. Business Process Management Journal, 9(1), pp.11-32.
Sultan, N.A., 2011. Reaching for the “cloud”: How SMEs can manage. International journal of information management, 31(3), pp.272-278.
Yeboah-Boateng, E.O. and Essandoh, K.A., 2014. Factors influencing the adoption of cloud computing by small and medium enterprises in developing economies. International Journal of Emerging Science and Engineering, 2(4), pp.13-20.

Get Quality Assignment Without Paying Upfront

Hire World's #1 Assignment Help Company

Place Your Order