Digital Repository

The Impact of a Security Culture in Small and Medium Scale Enterprise (SME) on Enterprise Information Security

Show simple item record

dc.contributor.author Pathirana, H.P.A.I.
dc.contributor.author Karunathilaka, J.A.M.A.
dc.date.accessioned 2017-09-12T09:24:25Z
dc.date.available 2017-09-12T09:24:25Z
dc.date.issued 2017
dc.identifier.citation Pathirana, H.P.A.I.and Karunathilaka, J.A.M.A.2017. The Impact of a Security Culture in Small and Medium Scale Enterprise (SME) on Enterprise Information Security. Kelaniya International Conference on Advances in Computing and Technology (KICACT - 2017), Faculty of Computing and Technology, University of Kelaniya, Sri Lanka. p 42. en_US
dc.identifier.uri http://repository.kln.ac.lk/handle/123456789/17414
dc.description.abstract An information system is much more than computer hardware; it is the entire set of software, hardware, data, people, procedures, and networks that make possible the use of information resources in the enterprise. In current world, the information is stored in the computerised system in the form of digital data, including sensitive data, which can be extracted as needed. It is much better than maintaining hard copies in traditional manner by using physical storages. The information system security is crucially important for a business with that background. The SME introduces in many forms. Many use the number of employees, capital amount invested, turnover amount, and nature of business. In Sri Lanka, main banks use value of fixed assets as a way to introduce SME, whereas the World Bank uses number of employees as the criteria. Even though enterprises are relatively small and run with a limited budget, SMEs can now target national and international market segments, enabled by the Internet. Therefore, this complicated the business process at SMEs. The computer security represents confidentiality, integrity and availability (CIA) from the mainframe-computing era. The rise of the Internet and complex computer systems means that data is now decentralized. As such, the security measures now must extend form the CIA domain to cover additional areas, depicted in the McCumber Cube in three dimensions. This challenges SME’s to assure information security with a limited operating budget, and there are two approaches presented by the ‘Sphere of Protection’, focusing on both technology and people aspects. The technological aspect is expensive, whereas the people aspect is cost effective by introducing security culture. The policy implementation is the better tool for security culture by considering business in process level emphasizing laws to acknowledge people on the importance of assuring secure environment, and education and training are important to share the knowledge among employee. This paper explores the need for effective people based security measures for better security culture, before the implementation of technological controls is considered for SMEs. en_US
dc.language.iso en en_US
dc.publisher Faculty of Computing and Technology, University of Kelaniya, Sri Lanka. en_US
dc.subject Security Culture en_US
dc.subject Small / Medium Scale Enterprise en_US
dc.subject Enterprise Information Security en_US
dc.title The Impact of a Security Culture in Small and Medium Scale Enterprise (SME) on Enterprise Information Security en_US
dc.type Article en_US


Files in this item

This item appears in the following Collection(s)

Show simple item record

Search Digital Repository


Browse

My Account