Information Security Management System for SMB in Ubiquitous Computing
In this study, an information security management system is developed through theoretical and literary approach aiming at efficient and sys-tematic information security of Korean small and medium size businesses, considering the restrictions of the literature review on the information security management systems and the inherent characteristics of the small and medium size businesses. The management system was divided into the 3 areas of the supporting environment of the information security, establishment of the information security infrastructure, and management of the information security. Through verification by statistical methods(reliability analysis, feasibility study) based on the questionnaire for the specialists, the overall information security management system is structures with the 3 areas, 8 management items, and 18 detailed items of the management system. On the basis of this study, it is expected that small and medium size businesses will be able to establish information security management systems in accordance with the information security policy incorporating the existing informatization strategies and management strategies, information security systems which will enhance existing information management, and concrete plans for follow up management.
KeywordsInformation Security Ubiquitous Computing Security Management Information Asset Information Security Management
Unable to display preview. Download preview PDF.
- 1.BSI(U.K), BS 7799 part1: Information Security Management - Code of Practice for Information Security Management (1999)Google Scholar
- 2.Cohen, F.: Managing Network Security: How does a typical IT audit work? Network Security (1998)Google Scholar
- 3.Doukidis, G.I., Lybereas, P., Galliers, R.D.: Information systems planning in Small business: A stages of Growth Analysis. J. Systmes software (1996)Google Scholar
- 4.Kovacich, G.: Establishing an information systems security organization. Computer & Security 17 (1998)Google Scholar
- 5.Gupta, M., Cawthorn, G.: Managerial Implications of Flexible Manufacturing for SMEs (Elsevier Advanced Technology) (1996)Google Scholar
- 6.ISACA, Information Security Governance, Guidance for Boards of Directors and Executive Management, IT Governance Institute (2001) Google Scholar
- 7.ISO/IEC: ISO/IEC TR 13335-4: 2000(E), Information Technology - Guidelines for the Management of IT Security Part 4 (2000) Google Scholar
- 8.Eloff, J., Eloff, M.: Information Security Management - A New Paradigm. In: Proceedings of SAICSIT (2003)Google Scholar
- 9.Levy, M., Powell, P.: SME Flexibility and the Role of Information Systems (Small Business Economics) (1998)Google Scholar
- 10.Weill, P., Vitale, M.: MIS Quarterly Executive. What IT Infrastructure Capabilities are needed to Implement e-Business Models (2002)Google Scholar
- 11.XiSEC/AEXIS Consultants, BS7799 Information Security SME Guide, XiSEC/AEXIS Consultants (2002)Google Scholar