Nowadays, when organizations, no matter what dimension they possess, are confronted with more exigent market challenges, they must change strategies and behaviours as needed to respond according to their new business positioning. If all organizations are affected by markets instability, small and medium enterprises (SMEs) suffer a greater impact due to a lack of suitable resources for the appropriate change of business strategy or even to develop a new strategy, which reveals information and information security significance, and so the relevance of securing Information Systems that supports their flows trough organizations. This chapter is intended to point information security issues that are important to SMEs’ e-Business strategies, issues which could simultaneously guarantee organizational information privacy. Another purpose is the establishment of guidelines which could also be applied to SMEs, allowing information security policies definitions.
TopIntroduction
In face of new markets opportunities, most part conducted by a globalization context, organizations feel constrained to carry out new activities in order to acquire the better competitive position at possible, changing in nearly all situations the way how they act in response to client desires.
Those sorts of changes are in general supported by the emergency of new information and communication technologies, which have the capability to perform new and improved functionalities, related with what is perceived as critical success factors, to deal with these innovative perspectives about business.
Supported by those technologies, and in some aspects allowed by a society where the information is a central topic, the e-Business seems to become a development factor to carry on business and to revolutionize the evolution of organizations to new market opportunities that affect first and foremost how they provide products and services to their customers.
This kind of environment where e-Business occurs are, for the most of its components, permitted by the diversity of communication services provided by information and communication technologies usage, allowing organizations to use those services to establish closer business relations with their customers, and even an enlargement of their business network connections.
In this perspective it could be assumed that, in general terms, information and communication technologies are recognized as a positive feature that could rise up people performance and also organizations competitiveness, allowing an optimal resources allocation to what are identified as business objectives. Nevertheless no matter what are their potential advantages, neither the ways how it can be applied; what should make the difference is the fact that sometimes it could cause adverse reactions that come from whom use it at some point in their common activities, reactions that are mainly motivated by: fears about work maintenance, employment stability, and even personal security.
The referred issues assume a wider significance, particularly when more resources are demanded, implying more costs and a larger commitment from management. A common technological approach that might solve SMEs problems is supported in by information systems and by information and communication technologies that are planned taking into account organizational strategies.
However, in this context, people and the different ways that they apply their skills and competences to carry out organizational activities can make the difference between organizational success and failure. This situation is always decisive, particularly in organizations that have limited resources, like SMEs where people assume a crucial role on organizational performance, and above all that which business are performed with an intensive usage of information and communication technologies.
Therefore, even assuming that are several situations where information and communication technologies impacts on business activities require special attention, should be considered a particular set of issues that relates people and their usage of information and communication technologies to perform organizational requirements, what requires attention to all aspects where security of resources is a major preoccupation, above all those that imply information privacy and all implications that it could have on business activities.
Taking into consideration what potentially might occur with organizational resources protection and preservation, it’s important to put in place measures to assure the security of those resources, task that could be performed by applying information security standards requirements to each case, focusing in what are mission and objectives of organization.
Situation in which, according to Barman (2002), it’s necessary to identify what should be protected, namely information and communication technology resources (hardware and software), information (documents, business processes, etc.), essentially related with people’s capacities to use information systems to support organizational activities.
A possible solution, perhaps the most usual, requires the application of a common and recognized standard as International Organization for Standardization (ISO)/International Electrotechnical Commission (IEC) 27000 standards series that currently represents the international references in information security terms. Considering that information, and the people that use it every day within organization, are key organizational assets that assume a crucial role in their performance and development inside the markets in which they act, it’s essential to understand the interrelationship provided by those standards between people and information security in all their environment.