[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to main content
Springer Nature Link
Log in

Managing Information Security in Small and Medium Sized Enterprises: A Holistic Approach

  • Chapter
ISSE/SECURE 2007 Securing Electronic Business Processes

Abstract

Small to medium sized enterprises (SMEs) constitute a major part of the global economic activity. Due to the distinct characteristics of these enterprises, approaches to information security management that were mainly developed for larger organisations can not be feasibly applied in the context of SMEs. In this paper, we present some of the challenges impeding the implementation of information security management in SMEs. We propose a holistic approach based on Soft Systems Methodology to facilitate the development of security management systems within SMEs. The new approach acknowledges the limitations faced by SMEs and accounts for the systemic nature of the information security problem. We demonstrate the usefulness of our approach through a practical case study. The paper concludes with a brief summary of the findings and presents directions for future work.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
£29.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
GBP 19.95
Price includes VAT (United Kingdom)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
GBP 35.99
Price includes VAT (United Kingdom)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
GBP 44.99
Price includes VAT (United Kingdom)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. ABS, (2003). 8129.0 Business Use of Information Technology (2001–02). Canberra: Australian Bu-reau of Statistics.

    Google Scholar 

  2. R. J. Anderson (2001). Why Information Security is Hard-An Economic Perspective, in Proceedings of the Seventeenth Computer Security Applications Conference, IEEE Computer Society Press (2001), pp 358–365.

    Google Scholar 

  3. C. Anderson, 2006. The Long Tail: How Endless Choice is Creating Unlimited Demand. Random House Business Books, London, UK.

    Google Scholar 

  4. G. Ashish, J. Curtis & H. Halper (2003), “Quantifying the financial impact of IT security breaches,” Information Management & Computer Security, 11/2, 74–83.

    Google Scholar 

  5. H. Cavusoglu, B. Mishra, and S. Raghunathan (2004), The effect of internet security breach announce-ments on market value: Capi-tal market reactions for breached firms and internet security developers. International Journal of Electronic Commerce, 9:69–104.

    Google Scholar 

  6. Y. Chen, P. Chong & B. Zhang (2004), Cyber security management and e-government, Electronic Government, an International Journal 2004, Vol.1, No.3, pp. 316–327.

    Google Scholar 

  7. Checkland, P. ( 1999) Systems Thinking, Systems Practice. Wiley, West Sussex, UK.

    Google Scholar 

  8. CRAMM Risk Management Toolkit, http://www.cramm.com, accessed April 02, 2007..

    Google Scholar 

  9. Department of Trade and Industry (dti), (2005). SME Statistics UK 2005: Statistical Press Release. http://www.sbs. gov.uk/SBSGov_files/researchandstats/SMEstats2005pr.pdf accessed March 25, 2007.

    Google Scholar 

  10. eCom-Adviser, (2000). SMEs: Australia’s Business Backbone [Internet Web Site]. eCom-Adviser. http://host.ecomadviser.au, accessed March 25, 2007.

    Google Scholar 

  11. The European Commission, (2003). Observatory of European SMEs: SMEs in Europe 2003. http:// ec.europa.eu/enterprise/enterprisejolicy/analysis/doc/smesobservatory_2003_report7_en.pdf ac-cessed March 25, 2007.

    Google Scholar 

  12. A. Householder, K. Houle and C. Dougherty (2002), Computer attack trends challenge Internet secu-rity, IEEE Computer, Vol.35, No.4 (2002)5–7.

    Google Scholar 

  13. ISO17799 Information technology — Security techniques — Code of practice for information security management, http://www.iso.org/iso/en/prods-services/popstds/informationsecurity.html accessed April 02, 2007.

    Google Scholar 

  14. H. L. James (1996), Managing information systems security: a soft approach. Proceedings of the Infor-mation Systems Conference of New Zealand. IEEE Society Press.

    Google Scholar 

  15. L. Labuschagne& J. H. P. Eloff (2000). Electronic Commerce: The Information-Security Challenge, Information Management & Computer Security, Vol. 8, No. 3:154–157.

    Article  Google Scholar 

  16. B. W. Lampson, (2000). Computer Security in the Real World. In Proceedings of the Annual Computer Security Applications Conference.

    Google Scholar 

  17. A. Papazafeiropoulou & A. Pouloudi (2000), The Government’s Role in Improving Electronic Com-merce Adoption. In H.R. Hansen et al., (Eds.) Proceedings of the European Conference on Information Systems 2000 vol. 1, (pp. 709–716). July 3–5. Vienna, Austria.

    Google Scholar 

  18. SBA Office of Advocacy, (2003). State Small Business Profile: UNITED STATES, http://www.sba.gov/ advo/stats/profiles/03us.pdf accessed March 25, 2007.

    Google Scholar 

  19. [TI3P03] The Institute for Information Infrastructure Protection (The I3P) (2003), Cyber Security Research and Development Agenda.

    Google Scholar 

  20. V Yegneswaran, P. Barford, & J. Ull-rich (2003), Internet intrusions: global characteristics and preva-lence. InProc. ACMSIGMETRICS’ 03, pages 138–147.

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. School of Computer Science, Cardiff University, 5 The Parade, Cardiff, CF24 3AA, UK

    Anas Tawileh, Jeremy Hilton & Stephen McIntosh

Authors
  1. Anas Tawileh
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Jeremy Hilton
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Stephen McIntosh
    View author publications

    You can also search for this author in PubMed Google Scholar

Rights and permissions

Reprints and permissions

Copyright information

© 2007 Friedr. Vieweg & Sohn Verlag | GWV Fachverlage GmbH, Wiesbaden

About this chapter

Cite this chapter

Tawileh, A., Hilton, J., McIntosh, S. (2007). Managing Information Security in Small and Medium Sized Enterprises: A Holistic Approach. In: ISSE/SECURE 2007 Securing Electronic Business Processes. Vieweg. https://doi.org/10.1007/978-3-8348-9418-2_35

Download citation

  • DOI: https://doi.org/10.1007/978-3-8348-9418-2_35

  • Publisher Name: Vieweg

  • Print ISBN: 978-3-8348-0346-7

  • Online ISBN: 978-3-8348-9418-2

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation