Factors Affecting Information Security Focused on SME and Agricultural Enterprises

Vladimír BolekAnna LátečkováAnita RomanováFrantišek Korček

DOI 10.7160/aol.2016.080404
No 4/2016, December
pp. 37-50

Bolek, V., Látečková, A., Romanová, A. and Korček, F. (2016) “Factors Affecting Information Security Focused on SME and Agricultural Enterprises", AGRIS on-line Papers in Economics and Informatics, Vol. 8, No. 4, pp. 37 - 50. ISSN 1804-1930. DOI 10.7160/aol.2016.080404.

Abstract

Progress in the field of information and communication technology is a source of advantage that improves quality of business services; increases productivity levels and brings competitive advantage to enterprises and organisations related to agricultural production. However, the use of information and communication technology (ICT) is connected with information security risks that threaten business continuity and information assets. The ICT in small and medium-sized enterprises (SME) and agricultural enterprises is the source of several advantages as well as the risks resulting from information security violation and security incidents. This paper aims at the current situation of information security in SME and agricultural enterprises. Furthermore, the paper provides results of a survey focusing on identification and evaluation of the effects of internal and external factors affecting existence of risks in information security in Slovak SME and agricultural enterprises. Until now, there had not been a similar survey carried out.

Keywords

Information security, security incident, risk, factors, SME, agricultural enterprises.

References

  1. Ahmad, A., Maynard, S. B. and Shanks, G. (2015) “A case analysis of information systems and security incident responses”, International Journal of Information Management, Vol. 35, No. 6, pp. 717 – 723. ISSN 0268-4012. DOI 10.1016/j.ijinfomgt.2015.08.001.
  2. Albrechtsen, E. and Hovden, J. (2010) “Improving information security awareness and behaviour through dialogue, participation and collective reflection. An intervention study”, Computers & Security, Vol. 29, No. 4, pp. 432 – 445. ISSN 0167-4048. DOI 10.1016/j.cose.2009.12.005. DOI 10.1016/j.ijinfomgt.2015.08.001.
  3. Balashova, N. N., Šilerová and E., Melikhov, V. A. (2015) “Developing the metodology to form integrated reporting of agroholdings in the Russian Federation”, AGRIS on-line Papers in Economics and Informatics, Vol. 7, No. 4, pp. 19 - 29. ISSN 1804-1930.
  4. Bishop, M. (2000) “Education in information security”, Concurrency, IEEE, Vol. 8, No. 4, pp. 4 -8. ISSN 1092-3063. DOI 10.1109/4434.895087.
  5. Butoracová Šindlerová, I. and Butorac, D. (2008) “Aplikácia krízového manažmentu na malom a strednom podniku zaostávajúceho regiónu s primárnym zameraní na význam ľudských zdrojov v organizácii”, Collection of papers of scientific papers of department of economy and economics ANNO (in Slovak), University Prešov, Prešov. ISBN 978-80-8068-798-4.
  6. Ernst & Young. (2015) “Global Information Security Surey 2015”, Ernst & Young, [Online]. Available: http://www.ey.com/Publication/vwLUAssets/ey-global-information-security-survey- 2015/$FILE/ey-global-information-security-survey-2015.pdf [Accessed: 10 Jan. 2016].
  7. Eurostat (2011) “ICT security in enterprises 2011”. [Online]. Available: http://ec.europa.eu/eurostat/ statistics-explained/index.php/ICT_security_in_enterprises [Accessed: 20 Dec. 2015].
  8. CFO (2013) “Ako hackeri klamú vašich zamestnancov" (in Slovak), CFO. [Online]. Available: http://www.cfo.sk/articles/ako-hackeriklamu-vasich-zamestnancov [Accessed: 20. Dec. 2015].
  9. Hamášová, K. and Gerhátová, G. (2012) “Návrh systému vzdelávania v oblasti informačnej bezpečnosti v podniku agrosektora” , Collection of network and information technology 2012 (in Slovak). [Online], Slovak University of Agricultural in Nitra. Available: http://spu.fem.uniag. sk/konferencie_a_seminare/sit/2012/zbornik/hamasova_gerhatova.pdf [Accessed: 20. Dec. 2015].
  10. Hamranová, A. (2013) “Aspekty implementácie Business Intelligence v slovenských podnikoch”, Ekonóm, ISBN 978-80-225-3603-5.
  11. Hansman, S. and Hunt, R. (2005) “A taxonomy of networks and computer attacks”, Computers & Security, Vol. 24, No. 1, p. 31–43. ISSN 0167-4048. DOI 10.1016/j.cose.2004.06.011.
  12. Hochmann, J., Stanek, M., Vazan, I. (2011) “Prieskum stavu informačnej bezpečnosti vo verejnej správe v Slovenskej republike 2011”, Ministry of Finances of the Slovak Republic. [Online]. Available: http://www.informatizacia.sk/ext_dok-prieskum_ib_2013_-sk-en-/16943c [Accessed: 15 Dec. 2015].
  13. Havlíček, Z., Lohr, V., and Benda, P. (2009) “ICT and agritourism in Czech Republic”, APSTRACT: Applied Studies in Agribusiness and Commerce, Vol. 3, [Online]. Available: http://ageconsearch. umn.edu/bitstream/53541/2/10_ICT_Apstract.pdf [Accessed: 12 Jan. 2016].
  14. ISACA (2015) “Cybersecurity Fundamentals Study Guide”, ISACA, ISBN 978-1-60420-593-0.
  15. ISO (2014) “ISO Survey”, International Organization for Standardization. [Online]. Available: http://www.iso.org/iso/home/standards/certification/isosurvey.htm? certificate= ISO/IEC% 2027001&countrycode =AF#standardpick [Accessed: 8 Jan. 2016].
  16. ISO/IEC 27000:2014. Information technology – Security techniques – Information security management systems – Overview and vocabulary
  17. ISO/IEC 27005:2011. Information technology – Security techniques – Information security risk management.
  18. Kaluža, F. (2011) “Outsourcing z pohľadu riadenia informačnej bezpečnosti”, International magazine for security engineering, Vol. 6, pp. 1-2. ISSN 1336-9717.
  19. Kračmár, J. (2012) “Riadenie operačných rizík v krízovom riadení podniku”, Krízový manažment podniku. ISBN 978-80-225-3520-5.
  20. Makatúra, I. (2014) “Čo je to bezpečnostný počítačový incident?”, ITNews, [Online]. Available: http://www.itnews.sk/2014-11-24/c166583-co-je-to-bezpecnostny-pocitacovy-incident [Accessed: 21 Dec. 2015].
  21. Maumbe, B. M. and Okello, J. (2010) “Uses of Information and Communication Technology (ICT) in Agriculture and Rural Development in Sub-Saharan Africa: Experiences from South Africa and Kenya”, International Journal of ICT Research and Development in Africa (IJICTRDA), Vol. 1, No. 1, pp. 1-22. DOI 10.4018/jictrda.2010010101.
  22. Ng, Z. X., Ahmad, A. and Maynard, S. B. (2014) “Information security management: Factors that influence security investments in SMES”, Proceedings of the 11th Australian Information Security Management Conference, [Online], Available: http://ro.ecu.edu.au/cgi/viewcontent. cgi?article=1156&context=ism [Accessed: 9 Jan. 2016].
  23. NIST (2012) “Computer Security Incident Handling Guide”, National Institute of Standards and Technology, U.S. Department of Commerce, Aug. 2012, [Online], Available: http://nvlpubs. nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf [Accessed: 9 Jan. 2016].
  24. Qiang, C. Z., Kuek, S. C., Dymond, A., Esselaar, S. and Unit, I. S. (2011) “Mobile applications for agriculture and rural development”, World Bank, Washington, DC.
  25. Pačaiová, H. and Markulík, Š. (2011) “Bezpečnosť technických systémov ako súčasť v zabezpečovaní kvality”, Kvalita, Vol. 11, No. 11. ISSN 1335-9213
  26. Pour, J. and Voříšek, J. (2007) “Výsledky průzkumu řízení informatických služeb v ČR”, Systémová integrace, [Online]. Available: http://www.cssi.cz/cssi/vysledky-pruzkumu-rizeni-informatickych- sluzeb-v-cr [Accessed: 20. Dec. 2015].
  27. Singh, A. N., Picot, A., Kranz, J., Gupta, M.P . and Ojha, A. (2013) “Information security management (ISM) practices: lessons from select cases from India and Germany”, Global Journal of Flexible Systems Management, Vol. 14, No. 4, pp. 225–239. ISSN 0972-2696. DOI 10.1007/s40171-013-0047-4.
  28. Siponen, M., Mahmood, M. A. and Pahnila, S. (2014) “Employees’ adherence to information security policies: an exploratory field study”, Information and Management, Vol. 51, No. 2, pp. 217 – 224. ISSN 0378-7206. DOI 10.1016/j.im.2013.08.006.
  29. Soomro, Z. A., Shah, M. H. and Ahmed, J. (2016) “Information security management needs more holistic approach: A literature review”, International Journal of Information Management, Vol. 36, No. 2, pp. 215 – 225. ISSN 0268-4012. DOI 10.1016/j.ijinfomgt.2015.11.009.
  30. Stočes, P., Vaněk, J., Masner, J., and Jarolímek, J. (2015) “Mobile application development options for news and information portals”, Future Communication, Information and Computer Science proceedings, CRC Press, Leiden, pp. 111-114. ISBN 978-1-138-02653-7.
  31. Tichý, M. (2006) “Ovládaní rizika”, Analýza a management, pp. 396. ISBN 80-7179-415-5. [32] Tvrdíková, M. (2011) “Aplikace moderních informačních technologií v řízení firmy”, Grada Publishing, pp. 172. ISBN 978-80-247-2728-8.
  32. Tvrdíková, M. (2011) “Aplikace moderních informačních technologií v řízení firmy”, Grada Publishing, pp. 172. ISBN 978-80-247-2728-8.
  33. Vaněk, J., Jarolímek, J., and Vogeltanzová, T. (2011) “Information and Communication Technologies for Regional Development in the Czech Republic-Broadband Connectivity in Rural Areas”, Agris on-line Papers in Economics and Informatics, Vol. 3, No. 3, pp. 66-76. ISSN 1804-1930.
  34. Von Solms, B. and von Solms, R. (2005) “From information security to...business security?”, Computers & Security, Vol. 24, No. 4, pp. 271 – 273. ISSN 0167-4048. DOI 10.1016/j.cose.2005.04.004.
  35. Zelená, H. (2005) “Inovácia a zvýšenie efektivity vzdelávania prostredníctvom IKT”, Preparation of teachers and actual changes in basic education. [Online]. Available: http://www.pf.jcu.cz/ structure/departments/kpe/upload/files/konf05-sbornik-22-zelena_h.pdf [Accessed: 28. Dec. 2015].

Full paper

  Full paper (.pdf, 394.03 KB).