The Impact of a Security Culture in Small and Medium Scale Enterprise (SME) on Enterprise Information Security

dc.contributor.authorPathirana, H.P.A.I.
dc.contributor.authorKarunathilaka, J.A.M.A.
dc.date.accessioned2017-09-12T09:24:25Z
dc.date.available2017-09-12T09:24:25Z
dc.date.issued2017
dc.description.abstractAn information system is much more than computer hardware; it is the entire set of software, hardware, data, people, procedures, and networks that make possible the use of information resources in the enterprise. In current world, the information is stored in the computerised system in the form of digital data, including sensitive data, which can be extracted as needed. It is much better than maintaining hard copies in traditional manner by using physical storages. The information system security is crucially important for a business with that background. The SME introduces in many forms. Many use the number of employees, capital amount invested, turnover amount, and nature of business. In Sri Lanka, main banks use value of fixed assets as a way to introduce SME, whereas the World Bank uses number of employees as the criteria. Even though enterprises are relatively small and run with a limited budget, SMEs can now target national and international market segments, enabled by the Internet. Therefore, this complicated the business process at SMEs. The computer security represents confidentiality, integrity and availability (CIA) from the mainframe-computing era. The rise of the Internet and complex computer systems means that data is now decentralized. As such, the security measures now must extend form the CIA domain to cover additional areas, depicted in the McCumber Cube in three dimensions. This challenges SME’s to assure information security with a limited operating budget, and there are two approaches presented by the ‘Sphere of Protection’, focusing on both technology and people aspects. The technological aspect is expensive, whereas the people aspect is cost effective by introducing security culture. The policy implementation is the better tool for security culture by considering business in process level emphasizing laws to acknowledge people on the importance of assuring secure environment, and education and training are important to share the knowledge among employee. This paper explores the need for effective people based security measures for better security culture, before the implementation of technological controls is considered for SMEs.en_US
dc.identifier.citationPathirana, H.P.A.I.and Karunathilaka, J.A.M.A.2017. The Impact of a Security Culture in Small and Medium Scale Enterprise (SME) on Enterprise Information Security. Kelaniya International Conference on Advances in Computing and Technology (KICACT - 2017), Faculty of Computing and Technology, University of Kelaniya, Sri Lanka. p 42.en_US
dc.identifier.urihttp://repository.kln.ac.lk/handle/123456789/17414
dc.language.isoenen_US
dc.publisherFaculty of Computing and Technology, University of Kelaniya, Sri Lanka.en_US
dc.subjectSecurity Cultureen_US
dc.subjectSmall / Medium Scale Enterpriseen_US
dc.subjectEnterprise Information Securityen_US
dc.titleThe Impact of a Security Culture in Small and Medium Scale Enterprise (SME) on Enterprise Information Securityen_US
dc.typeArticleen_US

Files

Original bundle

Now showing 1 - 1 of 1
No Thumbnail Available
Name:
42.pdf
Size:
521.03 KB
Format:
Adobe Portable Document Format
Description:

License bundle

Now showing 1 - 1 of 1
No Thumbnail Available
Name:
license.txt
Size:
1.71 KB
Format:
Item-specific license agreed upon to submission
Description:

Collections