ICT380 Information Security Policy And Governance


Course Code: ICT380
University: Murdoch University Singapore

MyAssignmentHelp.com is not sponsored or endorsed by this college or university

Country: Singapore

Then, choose four (4) topics among the following: Security standards compliance issues in information security management; Cloud security management; Bring Your Own Device (BYOD) security management; Ethical issues in information security management; Implementing cybersecurity policy; Planning for contingencies; Security training and education; Development and implementation of information security policies; Human resource issues in information security management.

Information security management is a crucial element for all organizations, irrespective of their size, because of the increasing globalisation of business. Entities are trying their best to make the most of technology by doing e-business as well. Business houses have made a great volume of data available on their databases but, unfortunately, have invited various security issues along with it. Organizations therefore always have to protect their information from such vulnerabilities, which is why information security management is so important. Larger enterprises as well as small and medium enterprises (SMEs) have made a sizeable investment to maximise their use of the internet and reach customers across the globe with ease. At the same time, these enterprises have had to invest heavily in ensuring that this information is well protected against any kind of security hack. Having decided to use the internet as the platform to reach the world at large, business houses are forced to form a digital information circle so that this reach is simple. However, that information is prone to a number of attacks such as phishing, malware and Trojans. The needs of business houses change continuously, and the security management of an SME should be able to adapt to these changes and support the altered business aims and goals. SMEs that have IT infrastructures aim to challenge the bigger organizations through their flexibility, competence and custom-made solutions (Helokunnas & Iivonen, 2003). It is therefore rightly said that a well planned information security policy will help an SME outshine its competitors and become the first preference of customers.
SMEs usually put in less money and have less expertise in establishing and maintaining IT security policies and strategies. Because of this, cyber hackers target them the most. According to the Symantec Global SMB Survey of 2013, 31 percent of targeted attacks are carried out on SMEs because they secure their information less well. Further, a survey done by PWC LLP, UK, in April 2012 showed that 76 percent of small organizations had to face the brunt of security lapses, which led to a cost of 15000 to 30000 pounds on average. Although information security management is a must for SMEs if they are to counter the larger organizations, they are still unable to invest that much in it and hence become the main victims of hackers (Abbas et al. 2016). SMEs are one of the larger segments that need information security management the most.
Topic 1: Security Standards Compliance Issues In Information Security Management
Management of information security, as opposed to IT-related security, is now gaining the attention of many. For years organizations concentrated only on IT security management, but times have changed. One of the biggest threats today is the insider threat: a threat caused by employees, staff and management themselves, who take advantage of the susceptibilities the system has to offer. The data bank of any company is one of its most prized assets (Magklaras & Furnell, 2004). To protect it, companies need to ensure that an adequate governance policy is embedded within the concern and that a strong internal control system is in place. With regard to the security management of an organization's information, due diligence should be exercised to make certain that the risks are known to all and are tackled whenever deficiencies arise. The ISO/IEC 27001 standard sets a benchmark for an information security management system (ISMS). The standard is used by all types of entities across the globe as a basis for managing the organisation's policy and implementing information security (Churchman, 2017). SMEs have also been using the standard to implement information security management successfully, as it is very flexible, and it has hence become the 'de facto' standard for information security management overall.
The standard adopts the PDCA (Plan-Do-Check-Act) approach, also known as continuous improvement, since the information security management system is monitored regularly to confirm that the controls are good enough to keep the risks associated with information security in check. SMEs find security standards compliance in information security management to be an expensive burden. They view PCI-DSS (Payment Card Industry Data Security Standard) as a long, expensive project. SMEs are also seen to be in a fix as to what they should comply with and what not. They say that they can comply with a particular standard, but the question is for how long, since they undergo changes frequently. Thus, from the SME's point of view, compliance is a costly affair (Kelly 2015).
Apart from the burden of complying with security standards, there are also not many international standards that help SMEs conform to adequate measures for safeguarding data. Regrettably, various statements in the standards are demanding for SMEs when it comes to identifying the tasks and activities that must be adhered to. The implementation guidelines are also not detailed enough to help SMEs apply them to their information security and privacy needs. Further, security standards compliance is process driven; the processes may not yet be implemented in an SME, and adopting them would call for designing and reengineering internal processes (Humphreys, 2008). SMEs generally have restrictions on time as well as money. They prefer a reactive outlook to a proactive one, and adopting information security compliance standards demands a commitment of time and finances that an SME would prefer to invest in business activities that give a more transparent ROI (Gupta & Hammond, 2005).
However, the bigger organizations do not face such security compliance issues, since for them the security of information is a priority and information is a valuable asset. Cyber attacks are more threatening for larger companies than for SMEs, which generally are unaffected by them as they do not store data that is too critical. According to a survey conducted in 2013 among small business houses by the UN National Small Business Association, only thirty percent of small entities are worried about the susceptibility of their information to attack, and because of this SMEs are under the false impression that information security compliance is basically for larger concerns and not meant much for them (ENISA 2015). It is a fact that larger concerns have to be more protective of their business information, but the smaller ones cannot avoid it either.
Topic 2: Bring Your Own Device Security Management
Another very important reason for the increased need for information security management in SMEs is the availability of 3G/4G networks, which has made internet access very easy on devices such as laptops, mobile phones and tablets. This has led to the emergence of gadget mobility trends. A small part of this trend is bring your own device (BYOD), which means that the staff of a concern are allowed to use their personal gadgets during their working hours as well. The term was originally "bring your own technology", but the last word of the phrase was soon replaced with "device", since it covers both software and hardware. With the advances of mobile communication in function design, user experience and other areas, staff demand for working via the mobile internet has increased. Because certain apps are easier to use on mobile phones and give a better experience than computers, employees want to become independent of cabled networks and laptops and bring in their personal devices for official use. This helps them make maximum use of their official as well as unofficial office hours.
However, there is a big risk of data leakage, because BYOD has increased the number of accesses to enterprise data. The biggest threat that BYOD poses comes from the employees or, as is rightly said, the insiders. SMEs, for whom competition is wide, need to be extra careful about the threats posed by BYOD. Employees who use their own devices for official purposes may unknowingly end up leaking confidential data to an employee of another concern, or may open mails that contain malware. A single personal gadget can have a very malicious and damaging impact on the entire IT infrastructure of a company. Last but not least, information security management becomes a larger concern for SMEs simply because, if a BYOD device holding very critical data is stolen, the company can even be at risk of liquidation owing to the size of the concern. Thus one of the best ways to protect the company is to set the limits within which a company official can use their own device for official work and to specify the devices that can be used for office work. One way to control a technical collapse is to use MDM (Mobile Device Management) software, which can reduce the threat to a considerable level (Li & Yang, 2016).
Unfortunately, these security threats have made SMEs susceptible to cybercrime events with great implications. However, SMEs have yet to adopt BYOD at full length, and hence it can be said that they are still protected compared with the larger organizations. BYOD is an expensive affair: even if it reduces the use of company devices to a considerable level, the level of security-related threats multiplies greatly, which makes it costly. The larger organizations have adopted the technology well because of the vast spread of their business, but it is yet to be adopted fully by the SME segment, simply because of the many limitations that must be imposed while implementing it, the need to obtain consent from top management, and the need to ensure that vigilance is exercised over the employees (Alqatawna, 2014). Further, it demands adherence to a more stringent privacy policy as well as the use of high-level software programs that help keep track of how an employee is using the device. Lastly, the bigger organizations already have a big IT infrastructure installed, and adding this technology would not require much expertise and would thus turn out to be cost effective in the long run; for an SME, owing to the size of the organization, the technology would call for a huge cost on IT infrastructure and the outcome may not pass the viability test either (Romer, 2014).
Topic 3: Implementing Cyber Security Policy
All organizations have their own information security and privacy policies in place, which are needed to ensure that information is safe and secure. However, simply formulating policies without implementing them is a worthless procedure. Information security management helps organizations, irrespective of their size, adhere to the cyber security policy they have in place. Before any policy is implemented, it needs to be communicated to the staff, and their opinion should be sought on any changes to be made or any suggestions. Doing so ensures easy implementation of the cyber security policies formulated by the organization. Implementation is a very cumbersome and costly affair.
The issues related to implementing cyber security policies within an SME are manifold. The various contents of the standards are challenging for SMEs with respect to identifying the tasks and actions that need to be performed. Unfortunately, they fail to realise the need behind various security and privacy requirements. Information security management enables SMEs to become aware of the flexibility that the various standards offer with respect to implementing and monitoring controls, which they otherwise fail to recognize when executing the cyber security policy. One of the most prominent issues recognised while implementing a cyber security policy within an SME is that the standards are written in a manner that a non-technological SME is less able to understand. The standard cyber security policies are basically framed to support large-scale organizations. The terms are said to be very complex and ambiguous, making it difficult for SMEs to adopt them with ease. Sadly, SMEs are unable to customise the standards to their needs and requirements and to the applicable legal, regulatory and contractual requirements. These issues may to some extent be addressed if proper information security management is available within an SME (O’Regan & Ghobadian, 2004).
Research into these issues could possibly conclude that the policy-related issues of cyber security are looked upon as something more frightening than they truly are. In this world of cyber space, organizations are working without being much aware of the risks involved. Larger organisations can easily work without sharing their resources; SMEs unfortunately cannot, and hence suffer from a lack of access to resources that could help improve security within their stated budgets, which are generally small. It can thus rightly be said that information security management is the need of the hour for SMEs, to ensure that policies are implemented successfully, which is otherwise cumbersome and costly work. The larger organizations can work without any specific management system for information security, but SMEs that work in an unorganized manner fail to take advantage of the flexibility these policies offer as well as the high-end protection of data they provide (Chak 2015). If SMEs implement their cyber security policies properly, they will have a competitive advantage over other SMEs and thus be preferred above others.
Topic 4: Security Training And Education
The information breach survey published by PWC LLP, UK, pointed mainly to the fact that, in three fourths of the small business entities whose security policy was found to be poor, this was mainly due to employee-related information security breaches. The survey further showed that around fifty percent of SMEs had not given their employees proper education in information security management. If an SME has a well documented information security policy that is not communicated to and well comprehended by the employees, it will be subject to information security threats and will be as badly off as an SME that has no security policy at all. Simply formulating an information security policy is not enough if employees are not made aware of it and trained accordingly. It would be a waste, and the entire management effort would be treated as unsuccessful (Furnell et al. 2000). Adequate training programs should therefore be conducted on a timely basis, and all employees should be made to sign an agreement on compliance with confidentiality. Although this involves cost, it is a necessity.
It is thus understood that a continuous education and training program on information security is a must within all types of organizations. Human error can only be reduced, not eradicated entirely, and this is where the importance of training and education comes in. Most organizations prefer spending quality time and money on educating their staff, but these are the bigger organisations; SMEs at times cannot afford to put that much into training because of limited funds. SMEs are said to differ from larger organizations not in the kind of security issues they face but in the way their operations are conducted (Ng et al. 2013). SMEs are required to tighten their security simply because compliance with and adherence to laws and rules are on the priority list of government as well as large entities. The biggest problem in implementing education and training among employees in an SME is that SMEs tend to follow in the footsteps of bigger organizations, whose programs will definitely be more concrete and on a larger scale because of the size of their business and the number of their staff. They should understand that educating their staff would not cost them an amount equivalent to that of larger concerns (Herold, 2010). Bigger organizations are more focused on increasing their security-related budgets, whereas SMEs cannot afford to do the same and should hence concentrate on their customers. Their measures should therefore be fast as well as within budget. Furthermore, an SME should be more conscious of its reputation in the market, as competition is huge for it; any kind of security breach, especially from the staff, portrays a bad image in front of customers and loses trust, which is more difficult to regain than for larger organizations, since their reach is wide compared with that of SMEs (Sadok & Bednar 2016).
Thus training and educating employees should be one of the priorities for all types of concerns with regard to information security management.
On a concluding note, it is rightly understood that SMEs also need information security management, as the level of competition, or rather the number of competitors, is much greater and it is easy for one competitor to wipe out another if its confidential data gets leaked. Even though SMEs generally may not seem too concerned about applying an information security management system, it is of utmost importance because the benefit is much greater than the cost incurred. Security compliance is an issue; BYOD implementation is another, as it leads to data leakage with ease; and implementing a cyber security policy is a tedious task that demands time as well as money. Last but not least, educating and training the staff is not a one-time process. It is an ongoing procedure. Thus one can say that the need for information security management in SMEs is situation driven and organization specific, unlike in larger organizations, where the need for such a system is a compulsion by default.
Abbas, J., Mahmood, H.K. & Hussain, F. (2015). Information Security Management for Small and Medium Size Enterprises. Retrieved from https://www.researchgate.net/publication/308992350_INFORMATION_SECURITY_MANAGEMENT_FOR_SMALL_AND_MEDIUM_SIZE_ENTERPRISES
Alqatawna, J. (2014). The Challenge of Implementing Information Security Standards in Small and Medium e-Business Enterprises. Journal of Software Engineering and Applications, 7, 883-890.
Chak, S.K. (2015). Managing Cybersecurity As A Business Risk For Small and Medium Enterprises. Retrieved from https://jscholarship.library.jhu.edu/bitstream/handle/1774.2/38027/CHAK-THESIS-2015.pdf
Churchman, H. (2017). The 3 key challenges of ISO 27001 implementation for SMEs. Retrieved from https://advisera.com/27001academy/blog/2017/04/17/the-3-key-challenges-of-iso-27001-implementation-for-smes/
ENISA. (2015). Information Security and privacy standards for SMEs. Retrieved from file:///C:/Users/E-ZONE/Downloads/Information%20security%20and%20privacy%20standards%20for%20SMEs%20(1).pdf
Furnell, S.M., Gennatou, M. & Dowland, P.S. (2000). Promoting Security Awareness and Training within Small Organisations, in Proceedings of the 1st Australian Information Security Management Workshop. Deakin University, Geelong, Australia.
Gupta, A. & Hammond, R. (2005). Information systems security issues and decisions for small businesses. Information Management & Computer Security, 13(4), 297-310.
Herold, R. (2010). Managing an Information Security and Privacy Awareness and Training Program, Second Edition. New York: Auerbach Publications.
Humphreys, E. (2008). Information security management standards: Compliance, governance and risk management. Information Security Technical Report, 13, 247-255.
Helokunnas, T. & Iivonen, I. (2003). Information Security Culture in Small and Medium Size Enterprises, Seminar Presentation, Institute of Business Information Management, Tampere University of Technology, Finland.
Kelly, L. (2015). Tackling the IT security and compliance challenges for SMEs. Retrieved from https://www.computerweekly.com/feature/Tackling-the-IT-security-and-compliance-challenges-for-SMEs
Li, P. & Yang, L. (2016). Management Strategies of Bring Your Own Device. MATEC Web of Conferences.
Magklaras, G.B. & Furnell, S.M. (2004). The Insider Misuse Threat Survey: Investigating IT Misuse from legitimate users. Retrieved from https://folk.uio.no/georgios/papers/IWAR04MagklarasFurnell.pdf
Ng, Z.X., Ahmad, A. & Maynard, S.B. (2013). Information Security Management: Factors that Influence Security Investments in SMEs. Australian Information Security Management Conference. Retrieved from https://ro.ecu.edu.au/cgi/viewcontent.cgi?article=1156&context=ism
O’Regan, N. & Ghobadian, A. (2004). Testing the homogeneity of SMEs: The impact of size on managerial and organizational processes. European Business Review, 16, 64-77.
Romer, H. (2014). Best Practices for BYOD security. Computer Fraud and Security.
Sadok, M. & Bednar, P. (2016). Information Security Management in SMEs- Beyond the IT Challenges. Retrieved from file:///C:/Users/E-ZONE/Downloads/CSCAN-OA-298%20(4).pdf


Cite This Work

My Assignment Help. (2021). Information Security Policy And Governance. Retrieved from https://myassignmenthelp.com/free-samples/ict380-information-security-policy-and-governance/small-and-medium-enterprises.html.

