430 W4 DQ2

What would you consider to be one of the major challenges when implementing a security program into a small-medium sized organization (SMB)? Explain.

Reply to responses

A Cody

Hello Professor Ligon and Class,

Small-Medium sized organizations are very different than large organizations when it comes to their implementations of security programs. One of the main challenges that a small-medium sized organization may have compared to a large organization is figuring out the amount of time and resources that need to be spent on their security program. A large organization most likely has unlimited funds and resources that they could spend on making their security program the best since they make more money and have a lot more assets and information to protect. On the other hand, a small-medium sized organization has to stay within very small boundaries that regulate how much time and money they should spend on security. Ideally, a small-medium sized organization would need to spend the most minimal amount of time and money for a fully secure security program, but this is hard to gauge and ultimately obtain. If I was in control of a small-medium sized organization's security program, I would hire the right amount of security personnel that are knowledgeable and trustworthy in comparison to a good sized ratio of how many employees we had at the time. In the the beginning, I would allow a larger budget to outsource for more help on building the initial security program but once the security program was established, I would back off on the outsourcing and I would lower the budget for security incrementally until I felt like I found the sweet spot.

B Jacob

Good evening Professor Ligon and class,

Small-medium-sized businesses (SMBs) at times are fighting an uphill battle with the big corporate business that runs the world. Money, time, and employees are usually the cause of this battle just because the SMBs are smaller in nature. At the same time, SMBs are what make the world go round since there is a big push now to support these SMBs, especially with Covid-19 making a big impact in the world. An issue that these SMBs must understand and have issues with unlike big businesses’ is security. “IT matters to small-medium business success, and security matters to IT success” (IS Decisions, n.d.). With technology quickly evolving around the SMB, they must adapt to new ways to keep current with all the threats that are out there. Most SMBs are a big target to attackers because these businesses do not have the proper defenses set in place to protect them from possible attacks. The challenge for this disadvantage is having a lack of something. This something can be resources, cost, training, or even time. SMBs can have trouble juggling these roadblocks since they all play an important role in everyday operations. Without the proper resources, SMBs do not have the ability to update or upgrade the proper infrastructure. Most SMBs do not utilize the correct IT department which hurts employees in receiving the proper training and education on attacks. Finally, time is not 24 hours 7 days week mentality for SMBs. Most only operate day to day and must worry about keeping their doors open without the top coverage from higher corporate levels. This is not to say that SMBs cannot be security-minded. They must understand what works for them and implement a plan that they can have real-time results in that once the baseline of the security efforts is established and you have something fall outside that baseline, you can act quickly rather than seeing the damages once it is too late.

C Aaron

There can be a lot of challenges that a person is faced when implementing a security program into a small-medium sized organization. For one, it would have to be the financial aspect in being able to implement the program efficiently. The financial restraints can range from hardware to software upgrades to stay current with all the necessary security patches. The costs of upgrading software can be very costly and to keep the company profitable, other things are considered critical like the product development or marketing (Kohen, 2017). Some other reason might be but not limited to Lack of Resources, Lack of Expertise/ Understanding, Lack of Information, and or Lack of Training. In 2016 there were 55% of SMBs that were breached and in 2017 that percentage increased to 61% based on the Ponemon Institute Study and they are targeted because they are lucrative as they don’t have the sufficient defenses in place in order to protect themselves (IS Decisions, N/A).