PaulDotCom mailing list archives

Re: IT Security Topics for Small Business


From: Arch Angel <arch3angel () gmail com>
Date: Mon, 03 Dec 2012 19:59:55 -0500

Andy,

I would like to commend you on this thread, and I hope you compile the list to share with others. I think a wonderful project would be for the community to pull together and compile either an open documentation project or baseline of guidelines with helpful links and suggestions such as this.

With that being said...

I would also consider Disaster Recovery (DR) as well. I know it is not directly security related, but the off-site data and/or data in transit is vital and should be considered, in my opinion.

All the previous mentions are spot on and well recommended!

While others have mentioned areas of interest, I would like to throw out some vendors/solutions I think would be helpful to small businesses that have a limited budget but must comply or simply have better security.

1. Security Awareness and High Level Training
    1. Community could come together and build this training and share it
2. Email Etiquette, Email Threats, and Email Security
    1. Consider US-CERT Alerts, or other notifications
    2. Community could also come together and build an Email
       Etiquette/training program and share it
3. Network and System Vulnerability Scanning/Patching
    1. OpenVAS
    2. Nessus
4. Network Security (Firewalls)
    1. pfSense
    2. Smoothwall
    3. Monowall
    4. Linux w/iptables
5. Backups and Backup Security
    1. CloneZilla (budget purposes)
6. Wireless and WiFi Security
    1. Alpha cards, with Kismet
        1. Save files as XML, then parse and dump into a database for
           recall later
7. System Security, AV/HIPS
    1. OSSEC
    2. Microsoft Security Essentials or Microsoft Forefront
8. Sensitive Information and Applicable Laws, Regulations, and
   Compliance Requirements
    1. The community could come together and build a list of useful
       links, compliance information, etc.

I know this may not be as helpful as others, but I hope it helps a little.

- Robert
(arch3angel)

On 12/2/12 10:57 AM, TheTolik wrote:
I am working on creating a guide to IT Security to help companies without or with a minimal IT budget protect themselves and their customers, and am looking for the community's input into the topics that should be discussed.

I also see a lot of value in including recommendations for applicable tools/technologies that are easily accessible, easy to use, and yet effective, with strong affinity towards open source, and therefore would be very appreciative for input on a per-topic basis.

So far in regards to the topics, I have (In no particular order)

- Security Awareness and High Level Training
- Account Management / Password Management / Local Admin Rights
- Email Etiquette, Email Threats, and Email Security
- Network and System Vulnerability Scanning/Patching
- Network Security (Firewalls)
- Backups and Backup Security
- Wireless and WiFi Security
- System Security, AV/HIPS
- Website Security and Web/Application Security Testing
- Sensitive Information and Applicable Laws, Regulations, and Compliance Requirements

Any valuable input would be greatly appreciated.

Thanks,

Andy | oxbeef


_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com