The paper “The Need for Information Security Management for Small to Medium-Sized Enterprises” is an excellent example of a literature review on information technology. Small to medium-sized enterprises (SMEs) constitute a significant portion of global economic activity. OECD (2006) argues that while there is no agreed definition of SMEs, they can generally be defined as non-subsidiary, independent firms that employ fewer than a specified number of employees, which varies between countries, with the most common upper limit being 250 employees. According to Tawileh et al. (2007), both large and small to medium-sized enterprises have often invested significant resources so that their presence could be felt within global networks.
Due to this, more information is increasingly created and even converted into digital format, where it is saved on various storage media and transmitted via interconnected networks. As highlighted by Lacey & James (2010), there is currently a growing amount of reliable information and knowledge available owing to significant developments in information and communication technology (ICT) services. As Lacey & James (2010) further highlight, information, alongside knowledge, is currently regarded as a very significant asset in addition to the traditional production elements such as labor, required materials, and capital.
The outcomes of business activity, including the products available to consumers, are often information. Information, and in particular knowledge, is therefore argued to be a success factor critical to the activities of any business. Interest in information and knowledge security has thus grown with the developments in information and communication technology (ICT). While businesses are argued to benefit significantly from the developments driven by the growth of ICT, these developments have also brought significant challenges that have negatively affected small to medium-sized enterprises, the key ones being challenges associated with information security.
According to Bidgoli (2006), small and medium-sized enterprises experience an increasing array of threats associated with information security. A great number of these enterprises have, however, been argued to view security as other people’s problem, or even to wish it were so, while minimizing their own involvement and commitment.
The former point is highlighted to have been a generally consistent view conveyed by all small and medium-sized enterprises as well as consulted experts. This endemic attitude is argued to be encouraged by sales pitches for new technology that promote business benefits while hardly mentioning difficult areas such as security, which is quite capable of impeding sales. This paper therefore intends to provide an analysis of the need for information security management for small to medium-sized enterprises. As defined by Brotby (2012), information security management describes the various controls that organizations ought to put in place to make sure that they are effectively managing information security risks.
As highlighted by Laudon & Laudon (2006), information systems are interrelated components that collect, process, store, and distribute information in support of decision-making, coordination, and control within organizations. From the business perspective, information systems are solutions to the management and organization of businesses, mainly by applying information technology to address challenges arising from the business environment. Information systems are thus useful to managers and employees for analyzing problems, creating new products, and visualizing complex subjects.
According to Laudon & Laudon (2006), while information systems contain information about significant individuals, places, and other things within an organization and its surrounding environment, information in this case is essentially data that have been shaped into a form that is meaningful and helpful to people. This trend is commonly evident in the 21st-century globalized world of business (digital firms), where the internet plays a significant role.
Apart from the numerous benefits that have come with the development of information technology systems, there have also been concerns regarding the security of information, which have brought about information security management.
Aoufi, S. (2011). Information Security Economics. The Stationery Office.
Ayrmer Software Limited. (2010). Understanding the Total Cost of Ownership. Retrieved on October 7th, 2013 from
Brotby, K. & Hinson, G. (2013). Practical Information Security Metrics. CRC Press.
Brotby, K. (2012). Information Security Management Metrics: A Definitive Guide to Effective Security Monitoring and Measurement. Taylor & Francis.
Bidgoli, H. (2006). Handbook of Information Security, Threats, Vulnerabilities, Prevention, Detection, and Management: Volume 3 of Handbook of Information Security. John Wiley & Sons.
Bougaardt, G. & Kyobe, M. (2011). Investigating the Factors Inhibiting SMEs from Recognizing and Measuring Losses from Cyber Crime in South Africa. Electronic Journal Information Systems Evaluation, Vol. 14, Iss. 2.
Chapple, M. (2003). Brush up on Personnel Security. Retrieved on October 7th, 2013 from
Casey, E. (2004). Digital Evidence and Computer Crime: Forensic Science, Computers, and the Internet. Academic Press.
Clinch, J. (2009). Best Management Practice for Portfolio, Programme, Project, Risk, and Service Management: ITIL V3 and Information Security. Clinch Consulting.
Dulaney, E. (2011). CompTIA Security+ Deluxe Study Guide Recommended Courseware: Exam SY0-301. John Wiley & Sons.
DuBois, L. & Yezhkova, N. (2009). Distinctions between SMB and Enterprise Requirements for Protection, Archiving, and Recovery.
Ellis, J. & Speed, T. (2001). The Internet Security Guidebook: From Planning to Deployment. Academic Press.
GFI. (2013). Security Threats: A Guide for Small and Medium Businesses. Retrieved on October 4th, 2013 from
Jain, A. & Ross, A. (2008). Introduction to Biometrics. Handbook of Biometrics. Springer.
Kelly, L. (2011). The Top Five SME Security Challenges. Computer Weekly.
Lacey, D. & James, B. (2010). Review of Availability of Advice on Security for Small/Medium-Sized Organizations.
Laudon, K. & Laudon, J. (2006). Management Information Systems: Managing the Digital Firm, 9th Edition. Prentice Hall.
Morreale, T. (2006). Incident Handling for Small to Medium Enterprises.
OECD. (2006). The SME Financing Gap: Theory and Evidence. OECD Publishing.
OECD. (2010). Good Governance for Digital Policies: How to Get the Most out of ICT: The Case of Spain's Plan Avanza. OECD Publishing.
Probst, C., Bishop, M., Gollmann, D. & Hunker, J. (2010). Insider Threats in Cyber Security. Volume 49 of Advances in Information Security. Springer.
Purser, S. (2004). A Practical Guide to Managing Information Security. Artech House.
ISACA. (2009). An Introduction to the Business Model for Information Security.
Rashid, F. (2013). Most Small to Medium Enterprises Clueless on Common Mobile Threats: Survey. Security Week.
Schweitzer, D. (2007). Know the Difference between Disaster Management vs. Incident Management: Hope for the best, but prepare for the worst. Retrieved on October 4th, 2013 from
Stoneburner, G., Goguen, A. & Alexis, F. (2002). Risk Management Guide for Information Technology Systems.
SearchSecurity. (2008). Spotlight article: Domain 8, Laws, Investigations and Ethics.
Tawileh, A., Hilton, J. & McIntosh. (2007). Managing Information Security in Small and Medium-sized Enterprises Holistic Approach.
Tschetschonig, K. (2012). How SMEs protect critical knowledge in joint innovation activities with external partners. GRIN Verlag.
WatchGuard Technologies. (2008). Top 10 Threats to SME Data Security. Retrieved on October 4th, 2013 from
Whitman, M. & Mattord, H. (2010). Principles of Information Security. Cengage Learning.
Warkentin, M. & Vaughn, R. (2006). Enterprise Information Systems Assurance and System Security: Managerial and Technical Issues. Idea Group Inc.