Publication details

Home Publications Publication details

Approaches to IT Security in Small and Medium Enterprises
Dimopoulos V, Furnell SM, Jennex M, Kritharas I
Proceedings of the 2nd Australian Information Security Management Conference 2004, Perth, Australia, 26 November 2004, CD-ROM, pp73-82, 2004
Download links:  Download PDF

Organisations of all sizes are now significantly reliant upon information technology and networks for the operation of their business activities. All therefore have a consequent requirement to ensure that their systems and data are appropriately protected against security breaches. Unfortunately, however, there is evidence to suggest that security practices are not strongly upheld within small and medium enterprise environments. The paper presents a survey of specific security practices within such organisations in Europe and the USA, with particular focus upon whether adequate attention is given to the issue of risk assessment. The survey reveals that SMEs are characterised by lack of adequate attention to IT security, with related responsibility frequently unassigned, or allocated to someone without appropriate qualification. This is shown to have consequences in terms of adherence to good practice, with the significant majority of organisations not having developed a security policy or undertaken a risk assessment.

Dimopoulos V, Furnell SM, Jennex M, Kritharas I