Physical Issues in Information Security

Running head: ISM IN SME ISM in SME Name of the Student Name of the University Author’s Note 1 ISM IN SME Information Security Management is a vital factor for the organizations under the current business scenario of the business globalization. The organizations are making much efforts for making the best use of the technology, which includes e -business. The organizations have made huge amount of the information available on the databases, however, they have made this vulnerable to every types of the attacks by various hackers in form of malware, phishing attacks and spams and so on. 1 Therefore, the companies n eed to keep the database secured with the latest security measures for ensuring the confidentiality and privacy of the data. For having the successful business, the SMEs need to analyse and assess the requirements of organizational requirement security, li nk the objectives of the business with the information security needs, communicate the significance of the information security and plan implementation and make the clear strategy to deal with the issues of information security. 2 Small and medium size ente rprises with the IT infrastructure aim to challenge the large business owing to the customized solutions, efficiency and flexibility. The stakeholders of business demand assurance towards information security to the information security as loss of this wou ld cause much damage. Having the well -defined policies, strategies and plan of information security would outshine the SMEs amid their competitors and would become the obvious choice for the clients to approach. 3 Therefore, the 1 Ključnikov, Aleksandr, Ladislav Mura, and David Sklenár. "Information security management in SMEs: factors of success." Entrepreneurship and Sustainability Issues 6, no. 4 (2019): 2081. 2 Soomro, Zahoor Ahmed, Mahmood Hussain Shah, and Javed Ahmed. "Information security management needs more holistic approach: A literature review." International Journal of Information Management 36, no. 2 (2016): 215 -225. 3 Santos -Olmo, Antonio, Luis Enrique Sánchez, Ismael Caballero, Sara Camacho, and Eduar do Fernandez - Medina. "The importance of the security culture in SMEs as regards the correct management of the security of their assets." Future Internet 8, no. 3 (2016): 30. 2 ISM IN SME information security will no t assist SMEs to have the secure and better IT infrastructure, this will yield in good reputation and customer satisfaction which will attract more businesses. This study identifies the issues and discusses the implementation of the three chosen topics in small and medium size organizations:  Mobile device security management  Biometric security devices and their use  Physical security issues in information security Mobile device security management Mobile device management is the security software, which enables the IT departments for implementing the policies, which manage, monitor and secure the end user mobile device in the SMEs . It includes smartphones and can also extends to laptops, tablets and the IoT devices. 4 Mobile device security management help s in ensuring the security of the corporate network and allows the users for using the own devices so that they can work more efficiently. Mobile device security management needs two components in the data centre while working such as Server components, wh ere the IT administrator configure as well as send out the policies through the management console and the other one is client component that implements and receives the commands on the end user mobile device. 5 Mobile device security management is evolving day by day. The scalability was an issue in the initial stage however the central remote management eliminated the antique steps such as clients -initiated 4 Kearns, Grover S. "Countering mobile device threats: A mobile device security mo del." Journal of Forensic & Investigative Accounting 8, no. 1 (2016): 36 -48. 5 Chin, Amita Goyal, Ugochukwu Etudo, and Mark A. Harris. "On Mobile Device Security Practices and Training Efficacy: An Empirical Study." Informatics in Education 15, no. 2 (201 6). 3 ISM IN SME updates and SIM cards. The modern mobile device management can detect the new devices lined to the corporate network as well as apply over the proper settings for the efficient policy implementation. The enormous popularity of the mobile devices and the app ecosystem to which the mobile devices give access, which has opened up various opportunities to t he businesses. The businessman can use the mobile phones for collecting the credit card payments. 6 The field agents can be very responsive and efficient using the mobile devices for connecting back to the office as well as keep up to dated. The customer se rvice support can be streamlined with the use of iPads and the owners can properly respond the email queries. However, all these abilities come with the great challenges such as the increasing reluctance among the staffs to allow the agents of MDM for bein g installed on the personal devices. 7 When any SMEs mandate that the mobile device security management be implemented on personal devices of the resistant employees, this leads to the shadow IT. The shadow IT is the unauthorized application and tool that s taffs use in place of the sanctioned options which are enabled by the mobile device security management. This practice creates the lack of the control and visibility over the data. However, all these challenges can be mitigated though the proper implementa tion of the mobile device security management considering the followings : 6 Hayes, Darren, Francesco Cappa, and Nhien An Le -Khac. "An effective approach to mobile device management: Security and privacy issues associated with mobile applications." Digital Business 1, no. 1 (2020): 100001. 7 Clarke, Nathan, Jane Symes, Hataic hanok Saevanee, and Steve Furnell. "Awareness of mobile device security: a survey of user's attitudes." International Journal of Mobile Computing and Multimedia Communications (IJMCMC) 7, no. 1 (2016): 15 -31. 4 ISM IN SME First the business needs to consider the challenge. The business needs to identify the ways for addressing the myriad security issues with the mobile device with the constrained budget and overworked IT staffs. Greater mobility can also be a higher risk for the data leakage and theft mainly when the device is stolen or lost. The compromised device can act as the backdoor to corporate network. 8 Considering the huge amount of inform ation being saved and accessed on the personal devices, this is clear that the management is critical. Even if the businesses do not support the personal devices, then the employees will assess the corporate website on their personal device. This cannot be ignored. Moreover, if the businesses own the mobile devices intended of the use of the employees, then the IT employees has to be able in keeping the track of availability of the devices to the employees. 9 Business es need to define the policies of BYOD (B ring Your Own Device) and selecting and implementing the mobile device security management platform. The judicious planning can simplify the mobile management and can give the IT control over the applications and devices, which are being used without overr unning the budget. Then the company must understand the scope. The all -encompassing mobile strategy includes the tablets and the smart phones including the USB devices and cloud storage. The SMEs may be at risk of having the sensitive and confidential dat a stored on the unsecured 8 Yamin, Muhammad Mudassar, and Basel Katt. "M obile device management (MDM) technologies, issues and challenges." In Proceedings of the 3rd International Conference on Cryptography, Security and Privacy , pp. 143 -147. 2019. 9 Mikhalsky, Oleg, and E. Pshehotskaya. "Mobile device security, management of personal and business privacy." In 20th conference of FRUCT association, FRUCT Oy, Finland , pp. 643 -649. 2017. 5 ISM IN SME USB devices. 10 The USB drivers are the most permitted mobile devices in the organizations and can be one of the easiest ways for losing the data as well. If an employee loses his or her phone or any other personal devices , this sho uld be reported to the IT department so that the devices can be tracked and the passwords can be changed. If any USB drive is stolen or lost, this will be replaced without the IT knowing about the future data leakage. If any chance is there that the data c an be saved on the USB drives, the staffs must be issues with the encrypted USB devices and they must be taught how to use the drives properly. The in the next stage, the company must select the MDM platform. various platforms of mobile device security ma nagement are there in marketplace in various prices. This is very tempting for trying the free tools or to use the build -in device policy, however, the SMEs must consider the support perils. In this case, the self -service will wind up forcing the users for spending much time in identifying for themselves. Then the SMEs must invest in the IT. This is very significant to remember that the businesses are not able to solve the problems with the mobile devices to maintain the security or they can not have the c lear understandings of the mobile device usage without investing in the IT. If the IT employees do not have the ability for supporting the invasion of the devices, then this will be very significant for outsourcing the support so that the users can have so meone when any inevitable occurs. 11 Having the mobile device security management with the well -defined policies in place will be very vital step for reining in the mobile devices in the company. 10 Téllez, Jesús, and Sherali Zeadally. "Mobile Device Security." In Mobile Payment Systems , pp. 19 -33. Springer, Cham, 2017. 11 Chen, Hao, and Wenli Li. "Mobile device users’ privacy security assurance behavior." Information & Computer Security (2017). 6 ISM IN SME Biometric security devices and their use The biometric device is the authentication and security identification device. Those biometric systems use the automatic method of recognising and verifying the identification of the human being based on the behavioural and physiological characteristics. 12 All the characteristi cs include the voice recognition, iris recognition, facial image and fingerprints. The biometrics are used for establishing the accessible and better records of the working hours of the employees. Moreover, the employees of the small and medium enterprises collect the data from the entry and exit of any person. Biometric security devices in SMEs make the reliable and effective way for making them enable for collecting data. 13 Biometric security devices can be used in the immigration centre. Demand for the bi ometric in airports increases and people are traveling through airways, the airports need to deploy the technology in the way where any long queues will not be there . The biometrics are being deployed or implemented in the airports more as they always enab le the quick identification of the passengers and therefore, it leads to the low numbers of the passengers standing in the queues. For instance, Dubai International Airport plans for making the immigration counter the artefact of the past as they are planning to deploy the (IOM) IRIS on the move technology that will facilitate seamless arrivals and departures of the passengers at the airport. On the 12 Amin, Ruhul, R. Simon Sherratt, Debasis Giri, Sk Hafizul Islam, and Muhammad Khurram Khan. "A software agent enabled biometric security algorit hm for secure file access in consumer storage devices." IEEE Transactions on Consumer Electronics 63, no. 1 (2017): 53 -61. 13 Jiang, Richard, Somaya Al -Maadeed, Ahmed Bouridane, Danny Crookes, and Azeddine Beghdadi. Biometric Security and Privacy . Springer International Publishing AG, 2017. 7 ISM IN SME personal and handheld devices, biometric security can be used. 14 The fingerprint sensor s are found on the mobile devices. Fingerprint sensors are used for unlocking the devices and authorized actions such as file transfer and money transfer. This can be used for preventing the device from being utilized by the unauthorized person. However, several challenges or issues are also there associated with the biometric devices. Biometric spoofing can be one of them, which is the method of confusing the biometric recognition system, where the forged framework will be represented in the biometric sca nner. That framework will emulate the different attributes of the biometric of the person so as for confusing the biometric system between the real biological target and artifact and for gaining the access to the confidential data. One of the highlighted c ases was that the fingerprint of Ursula von der Leyen who was the German Defence Minister had been replicated effectively by Chaos Computer Club. This team used the camera lenses with high quality and took the images from far away .15 The group used the fing er software as well as then mapped the outlines of her thumbprint . Though the progress had been made for stopping the spoofing. Utilizing the policy of the pulse oximetry, liveliness of human being is considered by the measurement of the heart rate and blo od oxygenation. This minimizes the attacks and the method is not application commercially as the implementation cost is very high. Another issue with the biometric device is the accuracy, which is one of the major issues. Passwords are very popular and due to the password, the data of biometric can be 14 Shouk, Ali Al. New Biometric System At Dubai Airport: No Passport Or Boarding Pass Needed. Gulfnews.Com (2019). https://gulfnews.com/uae/transport/new -biometric -system -at-dubai -airport -no- passport -or-boarding -pass -needed -1.66949849 . 15 Kleinman, Zoe. "Politician's Fingerprint 'Cloned From Photos' By Hacker". BBC News (2014). https://www.bbc.com/news/technology -30623611. 8 ISM IN SME subjected to the change. While testing the recognition of voice as the supernumerary to the PIN number protected security device or system. The uncertainty associated with the biometric system turning around t he device can lead to the sluggish acceptance of the biometric system by continuing the support of the conventional password protected method. 16 There can be another issue that is luminance conditions, where the variations in the luminosity situation change the arrival of any object specially in reflection and colour. The majority of the objects in those images are in 3D form but the images are in 2D form and because of which all the features are not visible from the single point. However, the SMEs c an implement the biometric security devices by following some of the strategies, which will help the SMEs to deploy the biometric devices effectively. The SMEs need to ensure that they are not utilizing the biometric security device only for the sake of te chnology rather they are using for solving a problem that they are facing. They must have the full support and they should have the involvement of the senior management as this will help the SMEs to successfully implement the biometric security device in t heir organization. They must consider the added benefits of collaborating and integrating the biometric system with the business system like payroll and audit. 17 The SMEs must plan for the biometric enrolment process initially and then they should recognize the system, which may need more time for processing than conventional method of the authentication like smart 16 Hashemi, Soheil, Hokchhay Tann, Francesco Buttafuoco, and Sherief Reda. "Approximate computing for biometric security systems: A case study on iris scanning." In 2018 Design, Automation & Test in Europe Conference & Exhibition (DATE) , pp. 319 -324. IEEE, 2018. 17 Gofman, Mikhail I., Sinjini Mitra, Tsu -Hsiang Kevin Cheng, and Nicholas T. Smith. "Multimodal biometrics for enhanced mobile device security." Communications of the ACM 59, no. 4 (2016): 58 -65. 9 ISM IN SME cards and passwords. And after the implementation, the organization should pan for the post implementation support. Physical security issues in information security Physical security is becoming more complex for the companies nowadays. The environments and technology allow more complexities and difficulties for occurring because of the increased vulnerabilities. 18 The smartphones, tablets, laptops and USB hard drives allow for the information for being stolen or lost because of the mobile access and portability. Protecting and securing the system and the networks has become much difficult in implementing with the mobile device users, who are able in taking the systems out of facilities. Accidents , theft, sabotage , vandalism and fraud are increasing the cost for the SMEs as the environment is becoming more dynamic and complex. 19 Physical security has become more tough in managing as the technology has increased more vulnerabilities and complexities. The physical security element in information security is overlooked frequently. The hardware, vandalism or the theft can occur while working with the technical or administrative control. The SMEs focus ofte n hon the administrative and technical control because of this the data breaches or data theft may not be identified. The information has the various risks, weakness and mitigation techniques than the physical security in SMEs . When the staffs look at the information security of the organizations , they can combine how people can enter the networking utilizing the unauthorized resources through the wireless method, where the 18 Fennelly, Lawrence J., ed. Effective physical security . Butterworth -Heinemann, 2016. 19 Al-Fedaghi, S., and O. Alsumait . "Towards a conceptual foundation for physical security: Case study of an it department." International Journal of Safety and Security Engineering 9, no. 2 (2019): 137 -156. 10 ISM IN SME software activities . The security professionals with the physical security are assoc iated with the physical entrance of the office building and may also cause damage which also must to be considered. The physical security team of the SMEs should implement the security program, which will balance the safety concerns and the security measur es. The physical security must use the defense in depth approach for reinforcing the security through the various controls. Several security controls are there for making this tougher for the attackers for getting to the valuable resources of the company. 20 The security should increase the productivity in the organizational environment by securing the assets of the company. The good practices related security in organization will allow the staffs for feel ing safe so that the staffs can effectively focus on their work and the force attacks need to pray on the easier targets. The SMEs must think about how the physical security can impact the organization utilizing the CIA triad such as confidentially, integrity as well as availability. The SMEs must l ook at those areas of security, which will impact the confidentiality of the data, availability of the resources of the company and integrity of the assets of the organization. physical security should plan how to secure the lives of the employees and faci lities as well. 21 the second priority is to protect and secure the asset of the company and restore the IT operations of any natural disaster occurs. Proper controls related to physical security are not present for controlling the physical environments of the SMEs without any plan in place. The SMEs should create the team, 20 Alguliyev, Rasim, Yadigar Imamverdiyev, and Lyudmila Sukhostat. "Cyber -physical systems and their security issues." Computers in Industry 100 (2018): 212 -223. 21 Lv, Zhihan, Wojciech Mazurczyk, Steffen Wendzel, and Houbing Song. "Guest Editorial: Recent Advances in Cyber -Physical Security in Industrial Environments." IEEE Transactions on Industrial Informatics 15, no. 12 (2019): 6468 -6471. 11 ISM IN SME which will be responsible to design the physical security program while planning for the security. The physical security group must improve the program utilizing the defence of the physic al security in detailed manner. The defence is the concept, which is used for securing the assets of the companies as protecting the life through the several layers of the security. If any attackers compromised any layer, that attacker will have to penetra te additional layers for obtaining the assets of any organization. 22 Logging into servers and the computers must need the smart token or card to the password or pin for accessing the proprietary data. Those security measures working together will provide se veral layers of security. For ensuring that the physical security control is effectively working, the metrics must be used by the SMEs. The SMEs must use the performance based approach while measuring their physical security program. Those metrics will mea sure how well the security program will operate to achieve the objectives of the organizations. The data can be utilized for making the informed decisions for lowering the risks in cost effective method. Without the metrics, the physical security program m ay not be able in managing the security control in SMEs effectively. The physical security needs planning for being able in protecting the assets of the organizations. The metrics may be monitored as well as tracked after the KPI are recognized for ensuri ng that the SMEs are making the good physical security choice, which will match the risk model of the organization. 23 The physical, technical and administrative controls implemented will SMEs allow the organization in manging and protecting the resources. T he control must have the defence approach, which works together for providing the multiple 22 Burg, Andreas, Anupam Chattopadhyay, and Kwok -Yan Lam. "Wireless communication and security issues for cyber –physical systems and the Internet -of-Things." Proceedings of the IEEE 106, no. 1 (2017) : 38 -60. 23 Weerakkody, Sean, and Bruno Sinopoli. "Challenges and opportunities: Cyber -physical security in the smart grid." In Smart Grid Control , pp. 257 -273. Springer, Cham, 2019. 12 ISM IN SME layers of the defence in case if any control is bypassed . The security measures will help the organizations to deterring, denying, detecting and delaying the attacke rs from gaining the resources. 24 Physical control must consists the motion detectors, intrusion alarms and perimeter security. The technical controls must include the smart token or cards that is used for the physical security intrusion detection, access co ntrol and CCTV systems and guards. In conclusion this can be said that information security breach in the organization has the devastating effects. The loss of the information can result in loss of the current and potential customers. This can cause the o perational breakdown which may affect the profitability. However, using the three discussed methods, the SMEs can secure their organization to great extent. Efforts must be made by SMEs for identifying the business information, defining the policies to ma nage he data, disaster management plan, incident response plan and employing the hardware and software for protecting the data, With the proper techniques and methods, the SMEs can surpass the barriers and being more productive and will help in attaining b etter business and reputation. 24 Alkhudhayr, Fatimah, Shouq Alfarraj, Buthina Aljameeli, and Salim Elkh diri. "Information security: A review of information security issues and Techniques." In 2019 2nd International Conference on Computer Applications & Information Security (ICCAIS) , pp. 1 -6. IEEE, 2019. 13 ISM IN SME References Ključnikov, Aleksandr, Ladislav Mura, and David Sklenár. "Information security management in SMEs: factors of success." Entrepreneurship and Sustainability Issues 6, no. 4 (2019): 2081. Soomro, Zahoor Ahmed, Mah mood Hussain Shah, and Javed Ahmed. "Information security management needs more holistic approach: A literature review." International Journal of Information Management 36, no. 2 (2016): 215 -225. Santos -Olmo, Antonio, Luis Enrique Sánchez, Ismael Caballero, Sara Camacho, and Eduardo Fernandez -Medina. "The importance of the security culture in SMEs as regards the correct management of the security of their assets." Future Internet 8, no. 3 (2016): 30. Kearns, Grover S. "Countering mobile device thre ats: A mobile device security model." Journal of Forensic & Investigative Accounting 8, no. 1 (2016): 36 -48. Chin, Amita Goyal, Ugochukwu Etudo, and Mark A. Harris. "On Mobile Device Security Practices and Training Efficacy: An Empirical Study." Informatic s in Education 15, no. 2 (2016). Hayes, Darren, Francesco Cappa, and Nhien An Le -Khac. "An effective approach to mobile device management: Security and privacy issues associated with mobile applications." Digital Business 1, no. 1 (2020): 100001. Clarke, Nathan, Jane Symes, Hataichanok Saevanee, and Steve Furnell. "Awareness of mobile device security: a survey of user's attitudes." International Journal of Mobile Computing and Multimedia Communications (IJMCMC) 7, no. 1 (2016): 15 -31. 14 ISM IN SME Yamin, Muhamm ad Mudassar, and Basel Katt. "Mobile device management (MDM) technologies, issues and challenges." In Proceedings of the 3rd International Conference on Cryptography, Security and Privacy , pp. 143 -147. 2019. Mikhalsky, Oleg, and E. Pshehotskaya. "Mobile de vice security, management of personal and business privacy." In 20th conference of FRUCT association, FRUCT Oy, Finland , pp. 643 - 649. 2017. Téllez, Jesús, and Sherali Zeadally. "Mobile Device Security." In Mobile Payment Systems , pp. 19 -33. Springer, Cham, 2017. Chen, Hao, and Wenli Li. "Mobile device users’ privacy security assurance behavior." Information & Computer Security (2017). Amin, Ruhul, R. Simon Sherratt, Debasis Giri, Sk Hafizul Islam, and Muhammad Khurram Khan. "A software agent enabled biometr ic security algorithm for secure file access in consumer storage devices." IEEE Transactions on Consumer Electronics 63, no. 1 (2017): 53 -61. Jiang, Richard, Somaya Al -Maadeed, Ahmed Bouridane, Danny Crookes, and Azeddine Beghdadi. Biometric Security and P rivacy . Springer International Publishing AG, 2017. Shouk, Ali Al. New Biometric System At Dubai Airport: No Passport Or Boarding Pass Needed. Gulfnews.Com (2019). https://gulfnews.com/uae/transport/new -biometric -system -at- dubai -airport -no -passport -or-boarding -pass -needed -1.66949849 . Kleinman, Zoe. "Politician's Fingerprint 'Cloned From Photos' By Hacker". BBC News (2014). https://www.bbc.com/news/technology -30623611 . 15 ISM IN SME Hashemi, Soheil, Hokchhay Tann, Francesco Buttafuoco, and Sherief Reda. "Approximate computing for biometric security systems: A case study on iris scanning." In 2018 Design, Automation & Test in Europe Conference & Exhibition (DATE) , pp. 319 -324. IEEE, 2018. Gofman, Mikhail I., Sinjini Mitra, Tsu -Hsiang Kevin Cheng, and Nicholas T. Smith. "Multimodal biometrics for enhanced mobile device security." Communications of the ACM 59, no. 4 (2016): 58 -65. Fennelly, Lawrence J., ed. Effective physical security . Butterworth -Heinemann, 2016. Al -Fedaghi, S., and O. Alsumait. "Towards a conceptual foundation for physical security: Case study of an it department." International Journal of Safety and Security Engineering 9, no. 2 (2019): 137 -156. Alguliyev, Rasim, Yadigar Imamverdiyev, and Lyudmila Sukhostat. "Cyber -physical systems and their security issues." Computers in Industry 100 (2018): 212 -223. Lv, Zhihan, W ojciech Mazurczyk, Steffen Wendzel, and Houbing Song. "Guest Editorial: Recent Advances in Cyber -Physical Security in Industrial Environments." IEEE Transactions on Industrial Informatics 15, no. 12 (2019): 6468 -6471. Burg, Andreas, Anupam Chattopadhyay, a nd Kwok -Yan Lam. "Wireless communication and security issues for cyber –physical systems and the Internet -of-Things." Proceedings of the IEEE 106, no. 1 (2017): 38 -60. Weerakkody, Sean, and Bruno Sinopoli. "Challenges and opportunities: Cyber -physical security in the smart grid." In Smart Grid Control , pp. 257 -273. Springer, Cham, 2019. Alkhudhayr, Fatimah, Shouq Alfarraj, Buthina Aljameeli, and Salim Elkhdiri. "Information security: A review of information security issues and Techniques." In 2019 2nd I nternational 16 ISM IN SME Conference on Computer Applications & Information Security (ICCAIS) , pp. 1 -6. IEEE, 2019.