Re: IT Security Topics for Small Business

[Arch Angel <arch3angel () gmail com>]

I don't think Andy is looking to drop a large guides down on the desks 
of small businesses, and I agree there are way too many for these 
individuals to comprehend. That's why we all have jobs!  I believe his 
goal is to help decrypt the meanings of things like NIST, PCI, NSA, etc. 
into terms and words a small business owner with very little IT 
experience can understand.  Take for example a small four or five man 
shop who knows they need better security but could potentially be told 
to buy a toaster as it will prevent SPAM, and as a result they go out 
and buy toasters.  I know that's a bit of a stretch but I think a 
document which breaks it down so they can make better choices and invest 
money a little wiser would be beneficial.

Just a couple pennies from little ole me :-)

--

Thank you,

Robert Miller
http://www.armoredpackets.com

Twitter: @arch3angel

On 12/3/12 12:42 PM, Brian Erdelyi wrote:
> I agree with Josh.
>
> Focus on an existing guide.  Help prioritize those recommendations.
>
> For example, BCP would be nice... maybe you focus on recommending data 
> backup and recovery.  I've seen too many business struggle after a 
> disaster and eventually close doors.
>
> A small business will likely be overwhelmed by a large guide.
>
> Brian
>
> Sent from my iPhone
>
> On Dec 3, 2012, at 1:24 PM, Josh More <jmore () starmind org 
> <mailto:jmore () starmind org>> wrote:
>
> > I really wish I had the time to delve into this discussion.
> >
> > However, given everything else I'm juggling, I just want to say that 
> > small business is currently drowning in recommendations and, as a 
> > result, is unable to follow any of them.  Look at the work the NSA, 
> > NIST, PCI and SANS have done in this field.  Little of it has been 
> > embraced by the small business community.  If you truly want to help, 
> > an additive process is unlikely to help.  Consider focusing on only 
> > three items.  I know this leaves holes, but remember, they're ridden 
> > with holes now and despite what we all want, they're not going to 
> > plug them all.
> >
> > If this is unsuitable / too hard, consider reworking the concept into 
> > a flow chart infographic.  Such as "Do you have a Firewall/UTM/NGFW?  
> > If not, get one.  If so, tune it and go to next"  ->  "Do you have a 
> > reliable anti-malware system?  If not, get one.  If so, are you 
> > tuning it regularly?"  I think that would be far more likely to cause 
> > positive change than yet another dense report full of advice they're 
> > not going to take.
> >
> > -Josh More
> >
> >
> >
> > On Mon, Dec 3, 2012 at 9:34 AM, Bradley McMahon 
> > <bradmcmahon () gmail com <mailto:bradmcmahon () gmail com>> wrote:
> >
> >     I would include * BCP - business continuity plan  - corruption,
> >     fires, data theft are indiscriminate. Basically have a meeting
> >     and go through all the worst case scenarios and figure out a cost
> >     effect way to handle it that works for the company. Having
> >     insurance is a good idea
> >
> >     -Brad
> >
> >
> >
> >     On Mon, Dec 3, 2012 at 8:06 AM, Herndon Elliott
> >     <alabamatoy () gmail com <mailto:alabamatoy () gmail com>> wrote:
> >
> >         It was kinda touched on, but not directly mentioned: Incident
> >         Response...planning and pre-determined actions, call list etc
> >         when it
> >         all goes wrong.  Also, training was mentioned, but some level of
> >         common sense warnings as displayed in this wonderful bank sign:
> >         http://krebsonsecurity.com/2012/11/all-banks-should-display-a-warning-like-this/
> >
> >         Herndon Elliott
> >         Madison, Al
> >         _______________________________________________
> >         Pauldotcom mailing list
> >         Pauldotcom () mail pauldotcom com
> >         <mailto:Pauldotcom () mail pauldotcom com>
> >         http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> >         Main Web Site: http://pauldotcom.com
> >
> >
> >
> >     _______________________________________________
> >     Pauldotcom mailing list
> >     Pauldotcom () mail pauldotcom com
> >     <mailto:Pauldotcom () mail pauldotcom com>
> >     http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> >     Main Web Site: http://pauldotcom.com
> >
> >
> > _______________________________________________
> > Pauldotcom mailing list
> > Pauldotcom () mail pauldotcom com <mailto:Pauldotcom () mail pauldotcom com>
> > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > Main Web Site: http://pauldotcom.com
>
>
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom () mail pauldotcom com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com