Tuesday, December 10, 2019

Effective Information Security & Risk Management Strategy - Samples

Question:

Discuss the Effective Information Security Risk Management Strategy for Small and Medium Enterprises.

Answer

Introduction

Companies of all sizes now depend heavily on IT and networks for their business operations. All of them therefore have a constant need to make sure that their systems and information are properly protected against any kind of security breach. However, there is considerable evidence suggesting that security practices are not strongly upheld within small and medium organization environments. The discussion also presents a survey of security practices within such companies in places like the USA and Europe, with specific attention to whether the right attention is placed on issues associated with risk assessment (A. Harris and P. Patten, 2014). The study also reveals that small and medium enterprises are characterized by a lack of proper attention to IT security measures, and that the associated accountability is constantly unassigned or allocated to someone without the right qualifications.

Security Threats

At a time when companies face new threats and vulnerabilities on a routine basis, the crucial step in setting the right security for a system is to properly assess the present risks to which it can be exposed. Without this, a company cannot be sure of having a proper appreciation of the threats and vulnerabilities faced by its current assets, and hence of the countermeasures that arise as well. One way to achieve this is to conduct a proper risk assessment, which can be defined as a systematic and analytical procedure that considers the likelihood that a present threat will endanger an asset, people or operations, and identifies the actions needed to decrease the overall risk and mitigate the results of an attack (Johnson, 2014).

Risk assessment can be divided into two separate processes. The first, risk analysis, can be described as the assessment of threats to, impacts on and vulnerabilities of data and information processing facilities, and the likelihood of their occurrence. It also involves steps such as identifying the assets that need to be protected and identifying the threats and vulnerabilities associated with those assets. Alongside this, there is a need to focus on the risk management process, which is important for SMEs because they lack the necessary resources in terms of human capital, databases and specific knowledge. Here, structured risk management is employed across different positions, with a focus on the administrative function as well.

The study of small and medium enterprises is conducted in places like Europe and the US by different universities respectively, in order to compare small and medium companies' attitudes towards security (Kimwele, 2014). The reason for considering different geographies is that distinct security and data protection legislation applies in each place, and the motive is to evaluate to what extent and how this legislation affects companies' approaches to security. The study is presently ongoing, and the results presented in the paper are based entirely on the study of different companies. The study has revealed many facts that were previously unknown, and the absence of risk assessment is not the only way in which a lack of awareness is manifested (Peltier, 2016). The findings also show that small and medium enterprises usually lack formal, documented security policies.

When considering globally accepted standards like ISO 17799, security standards are important because they support the handling of risk management issues such as inadequate infrastructure, management and technical expertise, and a lack of finance and of the intellectual resources needed for technological development and change. Thus, the study also determines what is acceptable in this case and what is not. It is important to understand that without specific and defined objectives, a company cannot proceed to a comprehensive level of risk assessment (Soomro et al., 2016). It is also important to note that a company's security policy can be updated in line with its findings. The study also investigated the overall share of small and medium-sized organizations that have documented a security policy. The discussion also indicates that, in the survey, responses like "don't know" are effectively "no" responses. But even where the company concerned does have the right policy, it evidently does not promote it to the staff in an appropriate manner (Wang and He, 2014).

Conclusion

The discussion has shown much evidence of important security issues in SME culture, which may lead to many unavoidable security incidents, mainly as a result of not performing a risk-based analysis and not carrying out the right corrective measures. A recent study has also shown that the cost of cybercrime recovery for a small firm is huge, since it covers clean-up as well as recovery from virus outbreaks that can put the company network out of action for many days, while also producing a large average cost to clean up the mess (Wu et al., 2014). But given the identified constraints in expertise, awareness and budget, it is difficult to see how the current situation for SMEs will improve without more fundamental changes to the approaches available to them.
One of the upcoming issues arising from the findings is the need for a new kind of risk analysis and management method that focuses on removing these disadvantages and helps SMEs evaluate the risks to which their assets are exposed (Wynarczyk et al., 2016).

References

Harris, M. and P. Patten, K., 2014. Mobile device security considerations for small- and medium-sized enterprise business mobility. Information Management & Computer Security, 22(1), pp.97-114.

Johnson, P.F., 2014. Purchasing and supply management. McGraw-Hill Higher Education.

Kimwele, M.W., 2014. Information technology (IT) security in small and medium enterprises (SMEs). In Information Systems for Small and Medium-sized Enterprises (pp. 47-64). Springer Berlin Heidelberg.

Peltier, T.R., 2016. Information Security Policies, Procedures, and Standards: guidelines for effective information security management. CRC Press.

Soomro, Z.A., Shah, M.H. and Ahmed, J., 2016. Information security management needs more holistic approach: A literature review. International Journal of Information Management, 36(2), pp.215-225.

Wang, F.K. and He, W., 2014. Service strategies of small cloud service providers: A case study of a small cloud service provider and its clients in Taiwan. International Journal of Information Management, 34(3), pp.406-415.

Wu, D.D., Chen, S.H. and Olson, D.L., 2014. Business intelligence in risk management: Some recent progresses. Information Sciences, 256, pp.1-7.

Wynarczyk, P., Watson, R., Storey, D.J., Short, H. and Keasey, K., 2016. Managerial labour markets in small and medium-sized enterprises. Routledge.
