• Find People
  • Campus Map
  • PiratePort
  • A-Z
    • About
    • Submit
    • Browse
    • Login
    View Item 
    •   ScholarShip Home
    • Academic Affairs
    • College of Engineering and Technology
    • Technology Systems
    • View Item
    •   ScholarShip Home
    • Academic Affairs
    • College of Engineering and Technology
    • Technology Systems
    • View Item
    JavaScript is disabled for your browser. Some features of this site may not work without it.

    Browse

    All of The ScholarShipCommunities & CollectionsDateAuthorsTitlesSubjectsTypeDate SubmittedThis CollectionDateAuthorsTitlesSubjectsTypeDate Submitted

    My Account

    Login

    Statistics

    View Google Analytics Statistics

    Small Business Information Security

    Thumbnail
    View/ Open
    Vail_ecu_0600M_10664.pdf (791.4Kb)

    Show full item record
    Author
    Vail, John Edwards
    Abstract
    Small businesses account for over fifty percent of the Gross National Product of the U.S. economy; and the security of their information systems is critical for them to operate, compete, and remain profitable. While many security studies have been conducted and reported on enterprise scale organizations, similar research on small businesses in the U.S. is limited. One small business was evaluated by an information security audit to determine if its information resources and network were adequately secure, and will be used as a test case to identify an approach a typical small business may take to secure their networks and data to avoid unnecessary liability exposure. By examining the specific risk factors in this case study, the author believes parallels can be drawn by other small businesses as a starting point for examining their own risk factors. Additionally this study provides a series of proposed mitigation processes to improve the small businesses' network security that can be adopted by other small businesses in like circumstances. The mitigation processes are specifically tailored to the small business industry itself, as opposed to a larger organization that has a greater exposure to risk vulnerability and that also has larger asset pools from which to secure their networks.   The method utilized for this research was qualitative in nature, using a form of Participatory Action Research (PAR). This approach was most appropriate in that it allows the researcher to act in partnership with the small business to attempt to affect social change that will help in securing the small business's information resources. An information security audit was performed on a small business to identify actual and potential threats, and an electronic questionnaire was distributed to the employees to gauge their individual perspectives of the clarity and comprehensibility of the business's security policy, the consequences of violations to the company's policy, how well the company's policy is disseminated and tracked for compliance, and if they have knowledge of steps to be taken in response to an incident or disaster. There were four objectives of this study. The first objective was to evaluate a small business's information security posture. The second objective was to determine if the small business had experienced any information technology security incidents. The third objective was to evaluate whether the incidents were caused by a lack of a policy, standard or procedure; an ineffective policy, standard or procedure; a lack of training and education; or a reluctance to enforce or monitor adherence to established policy, standards, or procedures. And the fourth objective was to recommend to the small business any changes or additions that would reduce the small business's exposure to information security threats, risks and vulnerabilities through effective information security risk management.  
    URI
    http://hdl.handle.net/10342/3889
    Subject
     Information technology; Information security; Information technology management; Information technology policy; IT due diligence; IT governance; Small business information security 
    Date
    2012
    Citation:
    APA:
    Vail, John Edwards. (January 2012). Small Business Information Security (Master's Thesis, East Carolina University). Retrieved from the Scholarship. (http://hdl.handle.net/10342/3889.)

    Display/Hide MLA, Chicago and APA citation formats.

    MLA:
    Vail, John Edwards. Small Business Information Security. Master's Thesis. East Carolina University, January 2012. The Scholarship. http://hdl.handle.net/10342/3889. March 04, 2021.
    Chicago:
    Vail, John Edwards, “Small Business Information Security” (Master's Thesis., East Carolina University, January 2012).
    AMA:
    Vail, John Edwards. Small Business Information Security [Master's Thesis]. Greenville, NC: East Carolina University; January 2012.
    Collections
    • Master's Theses
    • Technology Systems
    Publisher
    East Carolina University

    xmlui.ArtifactBrowser.ItemViewer.elsevier_entitlement

    Related items

    Showing items related by title, author, creator and subject.

    • Quantification of Health Information Within Parents Magazine 

      Strickland, Jerri (East Carolina University, 2017-05-03)
      The purpose of this study is to quantify the advertisements and information within parenting magazines in order to discover the amount of exposure readers are getting to health related information. This is significant ...
    • Preferred Distribution Methods of Health Information for Hispanics 

      Simmons, Cathryn (2015)
      Emerging Hispanic communities in the U.S. have experienced barriers in health care access and health literacy. A program evaluation was conducted at a health department in eastern North Carolina to assess the preferred ...
    • Trauma Informed Care: Improving Appointment Adherence in an Outpatient Behavioral Health Setting 

      Foushee, Constance (2018-04-23)
      Exposure to a traumatic life event can lead to lifestyle practices that adversely affect one's health. Nearly three-fourths of Americans have experienced a traumatic life event. The purpose of this quality improvement ...

    East Carolina University has created ScholarShip, a digital archive for the scholarly output of the ECU community.

    • About
    • Contact Us
    • Send Feedback