PaulDotCom mailing list archives
Re: IT Security Topics for Small Business
From: Arch Angel <arch3angel () gmail com>
Date: Mon, 03 Dec 2012 20:08:24 -0500
I don't think Andy is looking to drop a large guides down on the desks of small businesses, and I agree there are way too many for these individuals to comprehend. That's why we all have jobs! I believe his goal is to help decrypt the meanings of things like NIST, PCI, NSA, etc. into terms and words a small business owner with very little IT experience can understand. Take for example a small four or five man shop who knows they need better security but could potentially be told to buy a toaster as it will prevent SPAM, and as a result they go out and buy toasters. I know that's a bit of a stretch but I think a document which breaks it down so they can make better choices and invest money a little wiser would be beneficial.
Just a couple pennies from little ole me :-) -- Thank you, Robert Miller http://www.armoredpackets.com Twitter: @arch3angel On 12/3/12 12:42 PM, Brian Erdelyi wrote:
I agree with Josh. Focus on an existing guide. Help prioritize those recommendations.For example, BCP would be nice... maybe you focus on recommending data backup and recovery. I've seen too many business struggle after a disaster and eventually close doors.A small business will likely be overwhelmed by a large guide. Brian Sent from my iPhoneOn Dec 3, 2012, at 1:24 PM, Josh More <jmore () starmind org <mailto:jmore () starmind org>> wrote:I really wish I had the time to delve into this discussion.However, given everything else I'm juggling, I just want to say that small business is currently drowning in recommendations and, as a result, is unable to follow any of them. Look at the work the NSA, NIST, PCI and SANS have done in this field. Little of it has been embraced by the small business community. If you truly want to help, an additive process is unlikely to help. Consider focusing on only three items. I know this leaves holes, but remember, they're ridden with holes now and despite what we all want, they're not going to plug them all.If this is unsuitable / too hard, consider reworking the concept into a flow chart infographic. Such as "Do you have a Firewall/UTM/NGFW? If not, get one. If so, tune it and go to next" -> "Do you have a reliable anti-malware system? If not, get one. If so, are you tuning it regularly?" I think that would be far more likely to cause positive change than yet another dense report full of advice they're not going to take.-Josh MoreOn Mon, Dec 3, 2012 at 9:34 AM, Bradley McMahon <bradmcmahon () gmail com <mailto:bradmcmahon () gmail com>> wrote:I would include * BCP - business continuity plan - corruption, fires, data theft are indiscriminate. Basically have a meeting and go through all the worst case scenarios and figure out a cost effect way to handle it that works for the company. Having insurance is a good idea -Brad On Mon, Dec 3, 2012 at 8:06 AM, Herndon Elliott <alabamatoy () gmail com <mailto:alabamatoy () gmail com>> wrote: It was kinda touched on, but not directly mentioned: Incident Response...planning and pre-determined actions, call list etc when it all goes wrong. Also, training was mentioned, but some level of common sense warnings as displayed in this wonderful bank sign: http://krebsonsecurity.com/2012/11/all-banks-should-display-a-warning-like-this/ Herndon Elliott Madison, Al _______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com <mailto:Pauldotcom () mail pauldotcom com> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com _______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com <mailto:Pauldotcom () mail pauldotcom com> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com _______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com <mailto:Pauldotcom () mail pauldotcom com> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com_______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
_______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
Current thread:
- Re: IT Security Topics for Small Business, (continued)
- Re: IT Security Topics for Small Business allison nixon (Dec 02)
- Re: IT Security Topics for Small Business gold flake (Dec 02)
- Re: IT Security Topics for Small Business Conrad Constantine (Dec 02)
- Re: IT Security Topics for Small Business Arch Angel (Dec 03)
- Re: IT Security Topics for Small Business TheTolik (Dec 07)
- Re: IT Security Topics for Small Business Herndon Elliott (Dec 03)
- Re: IT Security Topics for Small Business Bradley McMahon (Dec 03)
- Re: IT Security Topics for Small Business Josh More (Dec 03)
- Re: IT Security Topics for Small Business Brian Erdelyi (Dec 03)
- Re: IT Security Topics for Small Business Bradley McMahon (Dec 03)
- Re: IT Security Topics for Small Business Arch Angel (Dec 03)
- Re: IT Security Topics for Small Business Bradley McMahon (Dec 03)