Individual Assignment: Research Essay Research the topic of Information Security Management from quality sources and write research essay on the topic of: The Need for Information Security Management...

The Need for Information Security Management for Small to Medium Size Enterprises
ABSTRACT
The information Security management very crucial factor among the organizations as per the current scenario of business globalization. Different companies are trying different types of efforts to use the best out of technology for themselves which also includes the e-business. Most of the organizations have made available different types of information over the database and it has made it vulnerable for different types of attacks to be performed by the hackers in the form of spam or malwares. It is necessary for the organizations to keep the databases protected with the best security measures to make sure that the data is confidential and private. Semi structured interviews were taken from different managers at different levels and most of them requested make sure that it is according to the views with relation with the availability, confidentiality and contiguity which are the major objectives of the information security. It is also found that most of the industrialists believe to have security of the information and it is very important for the organization but most of them are reacting in administrating information security. This results in reacting of the organisations in very unprepared manner which can lead to loss of reputation and business. The results also provide strong baseline for the organization to check their current operating system and improve it by applying new security measures as per the requirement.
INTRODUCTION
The history shows that human can endeavours with the aim to make a better place in the world for the living life. There are people who have already made efforts to bring the world closer and turn the dream of mankind reality to use the advent of information technology. The usage of Internet is going substantially. It has totally changed the way businesses are looking at their range and trying to attract the customers from all over the world. The organizations have already made considerable investments whether they are large or small sized enterprises to use maximum out of the Internet for reaching out and getting the attention of different customers over the global network. As the Internet has changed revolutionary fact over the business it has also increased the threats and risk to the information security of the organization. The organisations have already selected to utilise the Internet based platform attempt for interacting with the customers this has created a huge amount of information in our digital format. This digital format can travel across different areas of the world with the help of interconnected networks which are very prone for cyber-attacks like spam, viruses, malware etc. In the current day there's a lot of economic competitors in the business scenario and information is a very important asset for them and they can suffer from huge blows economically and also for their reputation if they are not able to save card their information. This disadvantage of the Internet has resulted in loss of information and it he has also shaken the confidence and trust the users over the technology (Abbas, J., Mahmood, H. K., & Hussain, F).
The businesses are changing regularly over the passage of time and the ink requirement for the security measures of the information is also changing regularly. The security policies need to adapt all the changes and it should align with the changing objectives of the business also. The businesses are driving forward to make sure that they have correct security policies security infrastructure transformation should always take place as for the strategic objectives of the business and enterprise. Security guards, locked houses, barb wired facilities, safes in banks and many other features are just an email to provide physical security to all the assets. But the information security is not possible with all the security measures and it is important to provide the digital domain for the information security. There are mainly for objectives of the security of information as follows.
i. Confidentiality – The business should always try to transfer the information to people as per their requirement which means Better information should not be transferred to the unauthorized people.
ii. Integrity – The information which is present in the computers should be kept secure from getting contaminated or corrupted.
iii. Availability – We should try to make sure that the data is available to the authorised people whenever they needed. The availability and confidentiality can be used to make sure data integrity.
iv. Non-repudiation – It is used to prove the integrity and authenticity of the data.
Literature Review
The organization may suffer from the substantial damage for the reputation when they become a prey for the attack of information security. Organization which have the incident response management can discover and identify if they are under some attack and if there is no such management then the organization is moving towards the attack which can harm it and cause a lot of loss. The disaster recovery strategies another method which can help the organization to eradicate any presence of attacker, contain the damage and recover in the secure environment. After finding out the importance of disaster recovery and incident response management The Institute of Internet security United States has placed both of them in the top 20 critical security controls for the organizations. National Institute of standards and technology united states has also proved its importance and they have also shared detailed guidance about the planning and implementation of these plans in their special publication (Ashenden, D).
If the organization does not have clear and effective disaster recovery plan and incident response management then they would compromise over the different phases like identification, preparation, containment, eradication, recovery and the lessons learned. They should always be prepared for handing different type of threats which...