Information security management in SMB sector

decisioncrunch - Networks and Communications

20 Nov 2013

Information security management in SMB sector

mag.oec. Sasa Aksentijevic, univ.spec.oec, ph.d.cnd.
ICT forensics court expert

Nova Gorica, Slovenia, November 2011.

What is an SMB company?

Two criteria (as in the EU SME definition, Commission Recommendation 2003/361/EC: a company must stay under the headcount limit and under at least one of the two financial limits):

1. Number of employees
2. Financial criteria (annual turnover or balance sheet total)

Micro business/company:

1. Number of employees: < 10 employees
2. Financial criteria: up to 2 mil. EUR annual turnover and/or up to 2 mil. EUR balance sheet total

Small business/company:

1. Number of employees: < 50 employees
2. Financial criteria: up to 10 mil. EUR annual turnover and/or up to 10 mil. EUR balance sheet total

Medium business/company:

1. Number of employees: < 250 employees
2. Financial criteria: up to 50 mil. EUR annual turnover and/or up to 43 mil. EUR balance sheet total


Difference between small and big company


Small Business Information Security: The Fundamentals (NISTIR 7621)

Author: Richard Kissel, National Institute of Standards and Technology, US Department of Commerce
October 2009, 16 pages

Contents:

1. Introduction
2. "The absolutely necessary" actions that a small business should take to protect its information, systems and networks
3. Highly recommended practices
4. Other planning considerations for information, computer and network security

Appendix A: Identifying and prioritizing your organization's information types
Appendix B: Identifying the protection needed by your organization's priority information types
Appendix C: Estimated costs from bad things happening to your important business information

Risk Management & IT Security for Micro and Small Businesses

International Association of Accountants Innovation & Technology Consultants (IAAITC)
European Network and Information Security Agency (ENISA)
Micro Entrepreneurs Acceleration Institute (MEA-I)
WKO - Information and Consulting Division

2007 (guide/deliverable)

CONTENTS

How to proceed with Information Security
  Phase 1: Risk Profile Selection
  Phase 2: Critical Assets Identification
  Phase 3: Control Card Selection
  Phase 4: Risk Management and Implementation
Organisation Controls
  Organisational Control Cards
Asset Based Control Cards
  System
  Network
  People
  Application
Asset Based Controls
Appendices
  Action Checklist
  IT Security Questionnaire
  Notes

ISSA-UK 5173: Information Security for Small and Medium Sized Enterprises

March 2011
Draft of standard, 10 pages

Purpose

"This paper, prepared by a working group of the ISSA (UK), sets out recommendations on information security controls for small and medium enterprises (SMEs). There are already several sources of educational advice for SMEs, but none currently aims to set a standard for information security. This document is intended to serve primarily as a reference document for helping to determine an appropriate level of security for SMEs. It is hoped that others will build on this work and develop interpretation guidelines for specific sectors or circumstances, as well as appropriate educational materials."




SMB companies and ISO 27001

ISO/IEC 27001 for Small Businesses - Practical advice (handbook)

ISO Secretary-General Rob Steele and IEC General Secretary Ronnie Amit comment in the foreword to the handbook: "An information security management system based on ISO/IEC 27001:2005 can empower the small business to compete successfully on today's globalizing markets. This handbook is intended to provide the key to the door."




Certification fee (by annual turnover):

Annual turnover           Fee
< £100,000                £2,999
£100,000 - £500,000       £3,999
£500,000 - £1.5m          £4,499
£1.5m - £3m               £4,999
£3m - £10m                £4,999, plus £125 for each additional £1m turnover above £3m
> £10m                    Subject to individual quotation

Annual audit fee (by annual turnover):

Annual turnover           Fee
< £100,000                £495
£100,000 - £5m            £795
> £5m                     Subject to individual quotation

What about consultancy cost? (~ £70 / hour, freelance)

Documents? 60+

Opportunity cost?

