Re: Best practices for a small business's security

[Alessandro <a.bottonelli () infinito it>]

On Monday 29 December 2003 20:51, you wrote:
> Hello,
> I am looking for best practices or an outline to follow for helping a small
> company to secure their business.  I've found many resources on the
> technical aspects, but am hoping for suggestions for websites or books
> covering the business aspects as well.  Any help would be much appreciated.
Interesting item Bob.

Security practices, so far, have been targeting mainly large businesses. The 
key reason "me thinks" :-) is security is not a sector that can be 
substantially industrialized. A good part of it is a craft, that requires a 
lot of fine tailor-made work. That costs money! (Thank's God!), and most 
small businesses cannot afford it, nor makes sense at all for them...

Your email beeped here in rainy Italy at 01:12 AM local time while I am 
kicking back in the queue my large accounts projects (those who pay my bills, 
I must be crazy!) working hard on a project that is just addressing 
that--serving small businesses with packaged one-size-fits-all / 
assembly-required / batteries-not-included security consulting services. At 
least this makes sense in a country with a little less of 3.000.000 small 
businesses, 100% with PCs and the Internet, and whose GNP is mainly (90%+) 
produced by such companies. I think Germany gets close to that, at least here 
in the EU.

If it works, I'll write a book on "Small Businesses Security Practices" and 
have the first copy mailed to you with my compliments... tell you what, I'll 
write the book expecially if it doesn't work! In the meanwhile I hope someone 
else from the list can be more specific about EXISTING resources.

Ciao

-- 
Alessandro Bottonelli
CISSP, BS7799 Lead Auditor, Skier, Archer, Dreamer, Husband, and Father
(in reverse order of priority)


---------------------------------------------------------------------------
----------------------------------------------------------------------------