Critical Investagtion of the importance of Computer security (SME) within Business
The development of computer system has revolutionised business firms in the world. Business firms virtually rely on computer systems in storing information which is a very vital resource in any business because it is the success of the business. However, the safety of the computer systems needs to be ensured considering the importance and relevance of the information stored in it.
One of the most important barricades in the success of the use of computers in business firms, most especially in Small and Medium-Sized Enterprises (SME) is the negligence to computer security. Over the years, it has been discovered that small and medium-sized enterprises (SME) are more prone to potential intruders than the larger enterprise due to common and vast knowledge of popular operating systems and application software’s (e.g. MySQL Database and Microsoft respectively). The internet has created opportunities in the implementation of innovative business applications such as electronic commerce, electronic data interchange and inter-organisational systems (Sousa, KJ et al. 2005), which has kept both business firms and customers vulnerable to threats. We will critically outline the various computer threats in our introduction chapter. Computer security threats keeps multiplying and is still expected to multiply . Taking all of those into consideration, the importance of computer security in business (SME) cannot be over emphasized.
Accordingly, the general purpose of this academic write-up is to outline the importance of computer security in business; basically in Small and Medium-Sized Enterprise (SME). First and foremost, we would critically define computer security, the various kinds of computer threats and their respective security measures. Also, we would explain what SME is all about, some examples of SME and the use of computer in SME. At last, we would critically outline the importance of computer security in business (SME).
The basis of computer security comprises of the reply to the question “What is computer security”. The word “Security” means to protect or could mean to freedom or prevention from danger, risk or damage. Therefore, computer security which is also referred to as Information Security can be defined as the protection of data and information in a system from or against authorized users or recipients. In other words, computer security is the ability of the computer system to guard data and information against intruders, unauthorized users or malicious users with confidentiality and integrity.
Furthermore, computer security is broken down into an acronym CIA which describes the basic goals of computer security and its aim is to protect the data and the system processing the data. The acronym means Confidentiality, Integrity and Availability.
Confidentiality ensures that data and information is kept away from intruders, unauthorized users or malicious users but yet still made available to those users who are authorized to access the data and information. This is also applied to the system processing the data, the network and other devices that are in the network and the computer system itself. Most times, these data are classified into three (3) levels. Some data are classified as public which means that anyone can access the data; some data are classified as company property which means that only users within the company can access the data and while some data is classified at the government level such as top-secret data which is only accessible by users within the government. To ensure the confidentiality of data and information, some security measures are implemented known as “Controls” such as authentication controls, encryption controls, etc.
Integrity ensures that the data and information in the computer system has not been tampered or altered by intruders, unauthorized users or malicious users and even the authorized users. It guarantees that the data and information has not been changed or destroyed either accidentally or intentionally by intruders, unauthorized users or malicious users. It also ensures that the data and information remains in its authorized state or form. In order to ensure the integrity of data and information, several measures such as hashing or encryption, auditing is implemented.
Availability ensures that data/information and systems are made available to only authorized users for use. It protects the authorized users from all sorts of events that may not allow them access to the system and data in the system e.g. accidental events and malicious events. In order to protect the availability of data, some measures are implanted such as backups, server clusters, and redundant systems.
Other terminologies associated with computer security are “Vulnerability” and “Threat”. Every part of a network such as the computer, people, network devices, operating systems, etc. have unique weaknesses which is called Vulnerability. In order words, vulnerability is a weakness in computer systems. Vulnerability can be exploited. Exploiting vulnerability is the use of weaknesses in diminishing the system security. Therefore, an action taken to exploit against vulnerability by unauthorized or malicious users is known as Threat. Threats can be natural or man-made, intentional or accidental, technology.
David A. Bradbard, Dwight R. Norris, Paramjit H. Kahai 1990, ‘Computer Security in Small Business: An Empirical Study’, Journal of Small Business Management, vol 28.
Sousa, Kenneth J; MacDonald, Laurie E; Fougere, Kenneth T 2005, ‘Computer Security in the Introductory Business Information Systems Course: An Exploratory Study of Textbook Coverage’, Journal of Education for Business, vol 81, p. 15.