PaulDotCom mailing list archives

Re: IT Security Topics for Small Business

From: Josh More <jmore () starmind org>
Date: Mon, 3 Dec 2012 11:24:36 -0600

I really wish I had the time to delve into this discussion.

However, given everything else I'm juggling, I just want to say that small
business is currently drowning in recommendations and, as a result, is
unable to follow any of them.  Look at the work the NSA, NIST, PCI and SANS
have done in this field.  Little of it has been embraced by the small
business community.  If you truly want to help, an additive process is
unlikely to help.  Consider focusing on only three items.  I know this
leaves holes, but remember, they're ridden with holes now and despite what
we all want, they're not going to plug them all.

If this is unsuitable / too hard, consider reworking the concept into a
flow chart infographic.  Such as "Do you have a Firewall/UTM/NGFW?  If not,
get one.  If so, tune it and go to next"  ->  "Do you have a reliable
anti-malware system?  If not, get one.  If so, are you tuning it
regularly?"  I think that would be far more likely to cause positive change
than yet another dense report full of advice they're not going to take.

-Josh More



On Mon, Dec 3, 2012 at 9:34 AM, Bradley McMahon <bradmcmahon () gmail com>wrote:

I would include * BCP - business continuity plan  - corruption, fires,
data theft are indiscriminate. Basically have a meeting and go through all
the worst case scenarios and figure out a cost effect way to handle it that
works for the company. Having insurance is a good idea

-Brad



On Mon, Dec 3, 2012 at 8:06 AM, Herndon Elliott <alabamatoy () gmail com>wrote:

It was kinda touched on, but not directly mentioned: Incident
Response...planning and pre-determined actions, call list etc when it
all goes wrong.  Also, training was mentioned, but some level of
common sense warnings as displayed in this wonderful bank sign:

http://krebsonsecurity.com/2012/11/all-banks-should-display-a-warning-like-this/

Herndon Elliott
Madison, Al
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com



_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

Current thread:

Re: IT Security Topics for Small Business, (continued)
- - Re: IT Security Topics for Small Business TheTolik (Dec 02)
- Re: IT Security Topics for Small Business Bugbear (Dec 02)
  - Re: IT Security Topics for Small Business Hevnsnt (Dec 02)
    - Re: IT Security Topics for Small Business allison nixon (Dec 02)
- Re: IT Security Topics for Small Business gold flake (Dec 02)
- Re: IT Security Topics for Small Business Conrad Constantine (Dec 02)
- Re: IT Security Topics for Small Business Arch Angel (Dec 03)
  - Re: IT Security Topics for Small Business TheTolik (Dec 07)
- Re: IT Security Topics for Small Business Herndon Elliott (Dec 03)
  - Re: IT Security Topics for Small Business Bradley McMahon (Dec 03)
    - Re: IT Security Topics for Small Business Josh More (Dec 03)
    - Re: IT Security Topics for Small Business Brian Erdelyi (Dec 03)
    - Re: IT Security Topics for Small Business Bradley McMahon (Dec 03)
    - Re: IT Security Topics for Small Business Arch Angel (Dec 03)