원문정보
초록
영어
Small and medium enterprises (SMEs) is leaning more on their information technology (IT) infrastructure but they lack the means to secure it appropriately due to financial restrictions, limited resources, and adequate know-how. Many SME managers believe that IT security in their company is basically equivalent to having a firewall and updating the antivirus software regularly. Strategic policies, information theft, business continuity, access controls, and many other aspects are only dealt with in case of security incidents. To improve security in a company holistically, four levels (organizational level, workflow level, information level, and technical level) need to be addressed. Parts of existing standards are useful to address issues on the organizational level; Pipkin’s approach is especially useful for SMEs. Modeling of business processes and taking security/dependability into account can improve reliability and robustness of the workflow level. On the information level, role-based access control is state-of the art.
목차
1. Introduction
2. SME's and Large Companies
3. Organization
3.1 IT Security Standards for SMEs
3.2 Stakeholders
4. Workflow
4.1 Security and Dependability of Workflows
4.2 Security and Dependability of Workflows
5. Information Level
6. Securing Infrastructure
7. Conclusion
References