Browse > Article
http://dx.doi.org/10.22156/CS4SMB.2017.7.2.119

A Study on Establishment of Small and Medium Business Information Security Plan under Resource Restrictions  

Kwon, Jang-Kee (Dept. of MIS, Korea National University Grauduate School Of Transportation)
Kim, kyung-Ihl (Dept. of MIS, Korea National University Of Transportation)
Publication Information
Journal of Convergence for Information Technology / v.7, no.2, 2017 , pp. 119-124 More about this Journal
Abstract
Information is a valuable asset regardless of the size of the enterprise and information security is an essential element for the survival and prosperity of the enterprise. However, in the case of large corporations, Security is ensured through rapid introduction of information security management system. but In the case of SMEs, security systems are not built or construction is delayed due to complex factors such as budget constraints, insufficient security guidelines, lack of security awareness. In this paper, we analyze the actual situation of information security management of SMEs through questionnaires, and We would like to suggest a comprehensive security plan for SMEs in free or inexpensive ways. We believe that by applying the method presented in this paper, SMEs will be able to implement the lowest cost basic information security and will benefit SMEs who plan to establish an information security plan.
Keywords
Information Security; Business; Security Planning; IT Security; Risk Planning;
Citations & Related Records
연도 인용수 순위
  • Reference
1 M. S. Todd1 and S. M. Rahman, "Complete Network Security Protection For SME'S Within Limited Resources," International Journal of Network Security & Its Applications (IJNSA), Vol. 5, No. 6, pp. 1-13, Nov. 2013. DOI: 10.5121/ijnsa.2013.5601   DOI
2 K. I. Kim, G. S. Jeon and G. S. Chae, “NFC Payment System for Security Privacy and Location Information of User,” Journal of Convergence Society for SMB, Vol. 6, No. 2, pp. 21-26, June. 2015. DOI: 10.22156/CS4SMB.2015.6.2.021
3 Y. S. Jeong, “Design of Prevention Model according to a Dysfunctional of Corporate Information,” Journal of Convergence Society for SMB, Vol. 4, No. 3, pp. 7-13, June. 2016. DOI: 10.22156/CS4SMB.2016.4.3.007
4 J. K. Kwon and J. T. Lee, "An Empirical Study on the factors Information Protection Policy of Employee's Compliance Intention," Journal of Convergence Society for SMB, Vol. 4, No. 3, pp. 7-13, Aug. 2014. DOI: 10.22156/CS4SMB.2014.4.3.007
5 Y. S. Jeong, "Design of Security Model for Service of Company Information," Journal of Convergence Society for SMB, Vol. 2, No.2, pp. 43-49, Nov. 2012. DOI: 10.22156/CS4SMB.2012.2.2.043
6 M. S. MCS, "Business continuity planning: best practices for your organization," Retrieved from http://www.mcsmanagement.com/WhitepapersUpload, 2007.
7 https://www.ultari.go.kr/portal/psi/techPrtcManual.do
8 https://www.tradesecret.or.kr/bbs/standard.do
9 https://it.smplatform.go.kr/prSysCnstc/intrcnView?bsns-ClCodeSe=0000002G
10 K. Ojdana, and A. Watmore, "Getting physical with network security," Retrieved from http://www.molexpn.com/Media/docs/Getting-Physical-with-Network-Security-cb5ed721-977d-4f7d-a4c5-995b6524d3aa.pdf, 2010. 10.
11 P. Oppenheimer, "Developing network security strategies," Retrieved from http://www.ciscopress.com/articles/article.asp?p=1626588&seqNum=2. 2010. 10.
12 Microsoft. "Applying the principle of least privilege to user accounts on windows xp," Retrieved from http://technet.microsoft.com/en-us/library/bb456992.aspx, 2006. 01.
13 S. Motiee, K. Hawkey and K. Beznosov, "Do windows users follow the principle of least privilege? investigating user account control practices. Symposium on Usable Privacy and Security (SOUPS)," Retrieved from http://cups.cs.cmu.edu/soups/2010/proceedi ngs/a1_motiee.pdf, 2010.
14 FireEye, "The advanced cyber attack landscape," Retrieved from http://www2.fireeye.com/rs/fireye/images/fireeye-advanced-cyber-attack-landscapereport.pdf?mkt_tok=3RkMMJWWfF9wsRogs63NZKXonjHpfsX57O4kXqO%2BlMI%2F0ER3fOvrPUfGjI4ETcFlI%2FqLAzICFpZo2FFeE%2FKQZYU%3D. 2013.
15 P. Oppenheimer, "Developing network security strategies," Retrieved from http://www.ciscopress.com/articles/article.asp?p=1626588&seqNum=2, 2010.
16 K. Scarfone and P. M. Mell, Guide to intrusion detection and prevention systems, NIST SP, No. 800-94, 2007.
17 J. Lazauskas, "the-3-biggest-cybersecurity-threats-of-2014-and-how-the-federal-government-plans-stop-them," http://www.forbes.com/sites/centurylink/, 2014. 10.