Implementation of Information Security Regimes

Solution Preview

** Please see the attached file for the complete solution response **

Implementation of information security regimes in small-to-medium enterprises (SMEs) against implementation in much larger organizations
1. Incident response management and disaster recovery
Incident response management, including disaster recovery and business continuity, is a step by step process of responding to data security breaches such as lost laptops and Web application hacks. Incorporating incident response plans in the disaster recovery plan is essential for keeping critical company data safe and secure. Small scale organizations or those with limited resources have a tendency to think that incident response management is not required or it is not feasible given the scale of its operations. However, instead of avoiding the concept totally, smaller organizations can within their means incorporate a incident response plan with a lesser number of skilled employees. These personnel could include the CIO, IT department staff, help desk staff, and IT support staff. These members could be utilized without re-organization or with minor realignment.
In large organizations, incident response management parts an important part of information security systems. The IT team responsible for implementing disaster recover determines the incident response needs to serve as a starting point. This is done through conducting needs assessments throughout the organization. After needs are determined, next step is forming policies and procedures. These constitute in a clear and concise manner what is expected of them and what the organization would be. Without policies, there would be no guidelines as to what should be done what an incident occurs. Hence, in a small organization incident response plan is at a small scale deployed using existing employees whereas with large organizations it is properly formulated and documented with a dedicated staff.
2. Mobile device security management
As the use of mobile devices is increasing, the need for an end-to-end security management system is required. This is due to two main reasons- first is the proliferation of mobile devices that look like PCs with regard to processing capacity, and applications. The second is the growth of devices based on open operating systems such as Windows Mobile, Linux, creating easy targets for those with malicious intent.
An organization's overall security concerns related to mobile devices are the same regardless of the size of the organization. However mobile device security threats are generally faced by large corporations employing thousands of employees. In smaller organizations, it doesn't pay for protecting against such security concerns.
In large organizations this is a fast growing area where managers are putting their thoughts into. It is not a top-line security threat for large organizations as well which reports that only about 2% reported experiencing a serious security incident as a result of a social networking attack or leak. However the concept is changing now as mobile technology is increasing to be at par with that of a PC. Hence, while an organization cannot stop an employee from his or her choice of mobile device in the enterprise, but policy can be clearly communicated, outlining rules and the consequences for violating them. At the minimum level the large organizations are deploying firewall and access control to prevent an attacker from accessing work email and sensitive documents.
3. Linking business objectives with security
As web based applications are transforming the internet, security is the biggest concern of any organization. Due to the need to secure and protect their IT structure from vulnerabilities, businesses are increasingly linking business objectives with security. Without security an organization cannot be sure of whether its information is protected. As a part of business objectives, security gets the required attention and funding from the higher management.
Like large organizations, small organizations have also invested several resources to create their presence in global network. In small organizations, IT security solutions are designed to mitigate both external and internal risks, ensuring a resilient, secure, and dynamic infrastructure. Hence, small and midsize organizations are also following the path of large organization in incorporating security in business objectives.
In large organizations as complexity and interdependence of systems is increasing, security of information systems is taking a whole new meaning. It is no longer focused just on providing basic level of security, but considers security as a stepping stone to success for the business. Security is a common ...