Express Info-Tech Research Group
Info-Tech Research Group, Inc. is a global leader in providing IT research and advice.
Info-Tech’s products and services combine actionable insight and relevant advice with
ready-to-use tools and templates that cover the full spectrum of IT concerns.
© 1997-2016 Info-Tech Research Group Inc.
Improve Information Security Practices in
the Small Enterprise
Create a realistic security plan that manages the threats of today and tomorrow.
Strategy Infrastructure Applications Security
ANALYST PERSPECTIVE
The days of purely high-profile hacking are over.
Smaller enterprises are now at the forefront of targeted
attacks. Smaller organizations still have valuable data that
threat actors want and that can be more easily compromised
due to fewer resources dedicated towards security. Often,
small enterprises are compromised for the purpose of being
a hopping point to a larger target, generating complex levels
of security considerations and legal liabilities.
Just because you don’t see headline news about small
organizations being breached doesn’t mean it isn’t
happening. The reality is that small enterprises are now
faced with the same security concerns and requirements as
large organizations, but with limited resources. Small
enterprises need to know what matters to them even more
than large organizations so that they can build a right-sized
security program.
Wesley McPherson
Info-Tech’s Security, Risk, and Compliance Practice
The VIP Boardroom at Info-Tech
Research Group’s Toronto Office
Security programs are a
MUST-HAVE, not a nice-to-have
WHY?
The volume, intelligence, and
complexity of threats have been
increasing and will continue to increase.
New Attack Types
• Targeted malware
• Zero-day vulnerability exploits
• Advanced persistent threats (APTs)
Increasing Threat Actors
• Commodification of hacking
techniques
• Conventional threats adopting
hacking
• Increasing in number and
complexity
Changing Environments
• Mobile
• Cloud
• Big Data
• Internet of Things
23% of CIOs polled stated increasing
cybersecurity was the most significant
driver behind IT investments in 2015
(CIO, 2015).
90% of data breaches impact
small businesses.
(First Data, 2014)
MYTH
Cyber-attacks aren’t an issue for
small enterprises.
60% of all targeted attacks are towards small to
medium-sized organizations.
Source: Symantec, 2015.
82% of small to medium-sized businesses consider
themselves non-targets for cyber-attacks because
they have nothing worth stealing.
Source: London Chamber of Commerce and Industry, 2014.
AND YET
THE UNFORTUNATE REALITY
Cyber-attackers prefer
targeting smaller
enterprises because
they often have weak
security systems.
In a transaction- and data-heavy
society, nearly all organizations
have highly valuable and
sensitive data (contract
information, customer data,
payment information, etc.).
Address foundational and baseline functions of security
Info-Tech’s Information Security Framework
= Foundational Security Components
Focus on components and
capabilities that will be the
most feasible and critical for
your organization.
Foundational components
include:
• Response and recovery capabilities
• Prevention
• Detection performance
Expand into governance to
address business awareness
of security and to incorporate a
security mindset into the
organizational culture.
Info-Tech
SE Perspective
Be prepared for all types of incidents
Recognize a potential security incident.
Business decisions are a common source of IT expansion.
Unfortunately, these decisions are rarely made with IT or
Security consultation. Unexpected expansions cause more
expenses than expected, throwing off budget, resourcing, and
project plans.
Account for IT systems expansions
Addressing security concerns and requirements after the fact
impacts budgeting and resourcing. As an IT leader, try to be
involved whenever the discussion of IT initiatives is brought up.
Traditional security incidents
include malware detection, system
availability loss, or compromised
data.
It is not if a security incident will
happen, but when. Using risk
management to prepare for
multiple scenarios could be the
difference between business
closure and continuity.
EXAMPLE: Marketing moves customer data to the cloud without notifying Security and engaging them while selecting a vendor and migrating data.
The Security Implications
• Sensitive customer data was sitting in an
environment outside of the scope of the
organization’s security program.
• Unexpected security costs were incurred analyzing
the vendor after the fact and addressing concerns
related to on-premise to cloud data integrations.
[Figure: allocated resources (mitigation and control expenditure) over time around a security incident, comparing the Reactive Mitigation Posture with the Proactive Mitigation Posture]
Take a proactive approach to managing security
BENEFIT
Proactive mitigation lowers overall
security costs over time.
Proactive Mitigation Posture
• Enables the team to learn from security
incidents and apply lessons to security
practices, increasing security strength.
• Entails pre-emptive “what-if” planning and
prevention actions.
• Is done to introduce more specific technology,
policies, and procedures that better protect
information at a lower cost.
Reactive Mitigation Posture
• Allows for security investments to occur, but does
not extensively consider past incidents and
incident analysis, keeping security strength
stagnant.
• Lacks the ability to recognize security incidents
before their occurrence.
• Involves little analysis of incidents.
Security incidents inevitably affect budget planning, regardless of posture. A proactive posture allows for
lessons learned that actually improve information security capabilities and cost measures over time.
If you answered YES to
most of these questions,
keep reading this
blueprint.
If you answered NO to
question 4 or have
significant concerns with
your current security
capabilities, go to the Build
an Information Security
Strategy research.
Research Navigation
Info-Tech Research Group has two research reports related to
building an information security strategy. Use the questions
below to help steer you to the research project that best suits your
organization.
Is this research right for you?
1. Does your IT department consist of fewer than 15 full-time employees?
2. Does your organization have limited resources for its security program?
3. Is your organization looking to build a lean information security strategy?
4. Is your organization in a loosely/un-regulated industry?
Improve your ability to prevent security incidents and improve
protective practices by leveraging Info-Tech’s four-step approach.
1. Assess Security Requirements
2. Determine Current and Target States
3. Develop Improvement Plans
4. Create and Communicate Your Roadmap
Info-Tech
Recommends
You will need to have a deep understanding of the business, even and
especially if your organization does not have an awareness or
understanding of information security.
Use the information and insight that you gather at the outset to drive your
project’s activities and enable you to build and implement a roadmap that best
maps to your business’s priorities and vulnerabilities.
Don’t just read it – do it!
Use this research to create the following key deliverables.
Program Roadmap
Scoped Initiatives
Security Strategy
• Plans for improving the performance of
foundational security functions.
• A vision for how to mature the organization’s
security program (estimated one- to three-year
trajectory).
WALK AWAY FROM THIS
PROJECT WITH:
Tactical guidance,
immediate support.
Use this research to build a security
strategy
Intended Audience
• IT departments with 15 or fewer full-time employees.
• Organizations that want to quickly assess and build a
security strategy focused on foundational capabilities.
Expected Benefits
• Completed security strategy documentation using
best-practice templates.
• Strong understanding of security issues and
requirements.
• Improved business awareness and understanding of
the importance of information security.
• Improved performance of critical security functions.
This Research Includes
• Guidance for analyzing and building security
capabilities.
• Directions that help to accelerate brainstorming,
analysis, and execution of security plans.
• Plans for improving the
performance of foundational
security functions.
• A vision for how to mature the
organization’s security
program (estimated one- to
three-year trajectory).
WALK AWAY FROM THIS
BLUEPRINT WITH:
Use the following tools and templates:
• Information Security Strategy and Workbook Template
• Security Pressure Posture and Analysis Tool
• Security Component Maturity Level Descriptions
• Information Security Program Gap Analysis and Roadmap Tool
• Project Charter and Status Update Template
• Information Security Strategy and Roadmap Communication Deck
Want to learn more about this research?
Improve Information Security Practices
in the Small Enterprise
Info-Tech Research
Group’s advisory
services include a team
dedicated to Security,
Risk, and Compliance
Management
Experience of Info-Tech’s
security team
• Former CIOs and CISOs
• Security architects
Topics Covered
• Security strategy planning
• Data Classification
• Vulnerability Management
• Identity Management
• Endpoint Security
• Penetration Testing
• And many more…
Consulting
“Our team does not
have the time or the
knowledge to take this
project on. We need
assistance through the
entirety of this project.”
Guided
Implementation
“Our team knows that
we need to fix a
process, but we need
assistance to
determine where to
focus. Some check-ins
along the way would
help keep us on track.”
DIY
Toolkit
“Our team has already
made this critical
project a priority, and
we have the time and
capability, but some
guidance along the
way would be helpful.”
Workshop
“We need to hit the
ground running and
get this project kicked
off immediately. Our
team has the ability to
take this over once we
get a framework and
strategy in place.”
Info-Tech offers various levels of support to best suit an
organization’s IT needs
Info-Tech Research Group is an information
technology research and advisory firm that has been
working with clients to help them make strategic,
practical, and well-informed decisions and plans since
1997.
Info-Tech leverages the experience of its analysts and
its over 3,000 IT professional members to help build
practically oriented research that guides
organizations to learn from experiences of their peers
and best position their departments and empower
their organizations.
Info-Tech’s Mission
Help IT leaders and their teams:
• Systematically improve their core processes and
governance
• Successfully implement critical technology projects
Contact Us
London, Ontario, Canada
Corporate headquarters
602 Queens Avenue,
London, Ontario, N6B 1Y8
Toronto, Ontario, Canada
888 Yonge Street
Toronto, Ontario, M4W
Las Vegas, Nevada, USA
3960 Howard Hughes Parkway,
Suite 500
Las Vegas, Nevada 89169
Website:
Infotech.com
Phone:
North America: 1-888-670-8889
International: +1-519-432-3550
INFO-TECH
RESEARCH GROUP

Contenu connexe

Tendances

Information Security Project
Information Security ProjectInformation Security Project
Information Security Project
novemberchild
 
rp-esg-tackling-attack-detection-incident-response
rp-esg-tackling-attack-detection-incident-responserp-esg-tackling-attack-detection-incident-response
rp-esg-tackling-attack-detection-incident-response
Maciej Buczkowski
 
Business case for information security program
Business case for information security programBusiness case for information security program
Business case for information security program
William Godwin
 
Security Organization/ Infrastructure
Security Organization/ InfrastructureSecurity Organization/ Infrastructure
Security Organization/ Infrastructure
Priyank Hada
 
Information technology risks
Information technology risksInformation technology risks
Information technology risks
salman butt
 

Tendances (20)

Information Security Project
Information Security ProjectInformation Security Project
Information Security Project
 
Information Security - Back to Basics - Own Your Vulnerabilities
Information Security - Back to Basics - Own Your VulnerabilitiesInformation Security - Back to Basics - Own Your Vulnerabilities
Information Security - Back to Basics - Own Your Vulnerabilities
 
Developing an Information Security Roadmap
Developing an Information Security RoadmapDeveloping an Information Security Roadmap
Developing an Information Security Roadmap
 
IBM Security Strategy Overview
IBM Security Strategy OverviewIBM Security Strategy Overview
IBM Security Strategy Overview
 
Cybersecurity Priorities and Roadmap: Recommendations to DHS
Cybersecurity Priorities and Roadmap: Recommendations to DHSCybersecurity Priorities and Roadmap: Recommendations to DHS
Cybersecurity Priorities and Roadmap: Recommendations to DHS
 
Roadmap to IT Security Best Practices
Roadmap to IT Security Best PracticesRoadmap to IT Security Best Practices
Roadmap to IT Security Best Practices
 
rp-esg-tackling-attack-detection-incident-response
rp-esg-tackling-attack-detection-incident-responserp-esg-tackling-attack-detection-incident-response
rp-esg-tackling-attack-detection-incident-response
 
isicg - 3 r's v4
isicg - 3 r's v4isicg - 3 r's v4
isicg - 3 r's v4
 
Roadmap to security operations excellence
Roadmap to security operations excellenceRoadmap to security operations excellence
Roadmap to security operations excellence
 
"Thinking diffrent" about your information security strategy
"Thinking diffrent" about your information security strategy"Thinking diffrent" about your information security strategy
"Thinking diffrent" about your information security strategy
 
Business case for information security program
Business case for information security programBusiness case for information security program
Business case for information security program
 
Adopting Intelligence-Driven Security
Adopting Intelligence-Driven SecurityAdopting Intelligence-Driven Security
Adopting Intelligence-Driven Security
 
Security Organization/ Infrastructure
Security Organization/ InfrastructureSecurity Organization/ Infrastructure
Security Organization/ Infrastructure
 
Understanding the security_organization
Understanding the security_organizationUnderstanding the security_organization
Understanding the security_organization
 
Dealing with Information Security, Risk Management & Cyber Resilience
Dealing with Information Security, Risk Management & Cyber ResilienceDealing with Information Security, Risk Management & Cyber Resilience
Dealing with Information Security, Risk Management & Cyber Resilience
 
Security Operations and Response
Security Operations and ResponseSecurity Operations and Response
Security Operations and Response
 
Connecting the Dots Between Your Threat Tntelligence Tradecraft and Business ...
Connecting the Dots Between Your Threat Tntelligence Tradecraft and Business ...Connecting the Dots Between Your Threat Tntelligence Tradecraft and Business ...
Connecting the Dots Between Your Threat Tntelligence Tradecraft and Business ...
 
Information technology risks
Information technology risksInformation technology risks
Information technology risks
 
SMB270: Security Essentials for ITSM
SMB270: Security Essentials for ITSMSMB270: Security Essentials for ITSM
SMB270: Security Essentials for ITSM
 
MCGlobalTech Service Presentation
MCGlobalTech Service PresentationMCGlobalTech Service Presentation
MCGlobalTech Service Presentation
 

En vedette

отчет об исполнении учреждением плана его финансово хозяйственной деятельност...
отчет об исполнении учреждением плана его финансово хозяйственной деятельност...отчет об исполнении учреждением плана его финансово хозяйственной деятельност...
отчет об исполнении учреждением плана его финансово хозяйственной деятельност...
virtualtaganrog
 
морское путешествие по островам
морское путешествие по островамморское путешествие по островам
морское путешествие по островам
virtualtaganrog
 

En vedette (16)

Moda Susi
Moda SusiModa Susi
Moda Susi
 
Основные тенденции в экономике и денежно-кредитной сфере РБ
Основные тенденции в экономике и денежно-кредитной сфере РБОсновные тенденции в экономике и денежно-кредитной сфере РБ
Основные тенденции в экономике и денежно-кредитной сфере РБ
 
Gestor carlos
Gestor carlosGestor carlos
Gestor carlos
 
Presupuesto GAD Puembo 2012
Presupuesto GAD Puembo 2012Presupuesto GAD Puembo 2012
Presupuesto GAD Puembo 2012
 
Wtty-wills new profile
Wtty-wills new profileWtty-wills new profile
Wtty-wills new profile
 
Обзор рынка платежных карточек - 2015
Обзор рынка платежных карточек - 2015 Обзор рынка платежных карточек - 2015
Обзор рынка платежных карточек - 2015
 
108600389 dd-report
108600389 dd-report108600389 dd-report
108600389 dd-report
 
TCoE
TCoETCoE
TCoE
 
Lista unitária graduação musica 1986
Lista unitária graduação musica 1986Lista unitária graduação musica 1986
Lista unitária graduação musica 1986
 
Procedimento Concursal comum para 9 (nove) postos de trabalho em regime de co...
Procedimento Concursal comum para 9 (nove) postos de trabalho em regime de co...Procedimento Concursal comum para 9 (nove) postos de trabalho em regime de co...
Procedimento Concursal comum para 9 (nove) postos de trabalho em regime de co...
 
отчет об исполнении учреждением плана его финансово хозяйственной деятельност...
отчет об исполнении учреждением плана его финансово хозяйственной деятельност...отчет об исполнении учреждением плана его финансово хозяйственной деятельност...
отчет об исполнении учреждением плана его финансово хозяйственной деятельност...
 
морское путешествие по островам
морское путешествие по островамморское путешествие по островам
морское путешествие по островам
 
зима 10гр.
зима 10гр.зима 10гр.
зима 10гр.
 
Cedula Presupuestaria de Ingresos Gad Puembo 2014
Cedula Presupuestaria de Ingresos Gad Puembo 2014Cedula Presupuestaria de Ingresos Gad Puembo 2014
Cedula Presupuestaria de Ingresos Gad Puembo 2014
 
осень 9гр
осень 9гросень 9гр
осень 9гр
 
Минимизация валютного риска во внешней торговле (на примере курса EUR/RUR)
Минимизация валютного риска во внешней торговле (на примере курса EUR/RUR)Минимизация валютного риска во внешней торговле (на примере курса EUR/RUR)
Минимизация валютного риска во внешней торговле (на примере курса EUR/RUR)
 

Similaire à Improve Information Security Practices in the Small Enterprise

Select and Implement a Next Generation Endpoint Protection Solution
Select and Implement a Next Generation Endpoint Protection SolutionSelect and Implement a Next Generation Endpoint Protection Solution
Select and Implement a Next Generation Endpoint Protection Solution
Info-Tech Research Group
 
MCGlobalTech Commercial Cybersecurity Capability Statement
MCGlobalTech Commercial Cybersecurity Capability StatementMCGlobalTech Commercial Cybersecurity Capability Statement
MCGlobalTech Commercial Cybersecurity Capability Statement
William McBorrough
 
Meraj Ahmad - Information security in a borderless world
Meraj Ahmad - Information security in a borderless worldMeraj Ahmad - Information security in a borderless world
Meraj Ahmad - Information security in a borderless world
nooralmousa
 
Convergence innovative integration of security
Convergence   innovative integration of securityConvergence   innovative integration of security
Convergence innovative integration of security
ciso_insights
 

Similaire à Improve Information Security Practices in the Small Enterprise (20)

Secure Your High Risk Data
 Secure Your High Risk Data  Secure Your High Risk Data
Secure Your High Risk Data
 
MCGlobalTech Consulting Service Presentation
MCGlobalTech Consulting Service PresentationMCGlobalTech Consulting Service Presentation
MCGlobalTech Consulting Service Presentation
 
Optimizing Security Operations: 5 Keys to Success
Optimizing Security Operations: 5 Keys to SuccessOptimizing Security Operations: 5 Keys to Success
Optimizing Security Operations: 5 Keys to Success
 
Connection can help keep your business secure!
Connection can help keep your business secure!Connection can help keep your business secure!
Connection can help keep your business secure!
 
New technologies - Amer Haza'a
New technologies - Amer Haza'aNew technologies - Amer Haza'a
New technologies - Amer Haza'a
 
Select and Implement a Next Generation Endpoint Protection Solution
Select and Implement a Next Generation Endpoint Protection SolutionSelect and Implement a Next Generation Endpoint Protection Solution
Select and Implement a Next Generation Endpoint Protection Solution
 
Security-Brochure
Security-BrochureSecurity-Brochure
Security-Brochure
 
Security-Brochure
Security-BrochureSecurity-Brochure
Security-Brochure
 
Assessing and Managing IT Security Risks
Assessing and Managing IT Security RisksAssessing and Managing IT Security Risks
Assessing and Managing IT Security Risks
 
For the CISO: Continuous Cyber Attacks - Achieving Operational Excellence for...
For the CISO: Continuous Cyber Attacks - Achieving Operational Excellence for...For the CISO: Continuous Cyber Attacks - Achieving Operational Excellence for...
For the CISO: Continuous Cyber Attacks - Achieving Operational Excellence for...
 
Security Analytics and Big Data: What You Need to Know
Security Analytics and Big Data: What You Need to KnowSecurity Analytics and Big Data: What You Need to Know
Security Analytics and Big Data: What You Need to Know
 
How to Secure your Fintech Solution - A Whitepaper by RapidValue
How to Secure your Fintech Solution - A Whitepaper by RapidValueHow to Secure your Fintech Solution - A Whitepaper by RapidValue
How to Secure your Fintech Solution - A Whitepaper by RapidValue
 
MCGlobalTech Commercial Cybersecurity Capability Statement
MCGlobalTech Commercial Cybersecurity Capability StatementMCGlobalTech Commercial Cybersecurity Capability Statement
MCGlobalTech Commercial Cybersecurity Capability Statement
 
Prevent & Protect
Prevent & ProtectPrevent & Protect
Prevent & Protect
 
Meraj Ahmad - Information security in a borderless world
Meraj Ahmad - Information security in a borderless worldMeraj Ahmad - Information security in a borderless world
Meraj Ahmad - Information security in a borderless world
 
Cyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdfCyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdf
 
Cyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdfCyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdf
 
Information Security vs IT - Key Roles & Responsibilities
Information Security vs IT - Key Roles & ResponsibilitiesInformation Security vs IT - Key Roles & Responsibilities
Information Security vs IT - Key Roles & Responsibilities
 
Convergence innovative integration of security
Convergence   innovative integration of securityConvergence   innovative integration of security
Convergence innovative integration of security
 
7 Best Practices to Protect Critical Business Information [Infographic]
7 Best Practices to Protect Critical Business Information [Infographic]7 Best Practices to Protect Critical Business Information [Infographic]
7 Best Practices to Protect Critical Business Information [Infographic]
 

Dernier

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 

Dernier (20)

Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 

Improve Information Security Practices in the Small Enterprise

  • 1. Express Info-Tech Research Group 11 Info-Tech Research Group, Inc. is a global leader in providing IT research and advice. Info-Tech’s products and services combine actionable insight and relevant advice with ready-to-use tools and templates that cover the full spectrum of IT concerns. © 1997-2016 Info-Tech Research Group Inc. Improve Information Security Practices in the Small Enterprise Create a realistic security plan that manages the threats of today and tomorrow. Strategy Infrastructure Applications Security Info-Tech Research Group, Inc. is a global leader in providing IT research and advice. Info-Tech’s products and services combine actionable insight and relevant advice with ready-to-use tools and templates that cover the full spectrum of IT concerns. © 1997-2016 Info-Tech Research Group Inc.
  • 2. Express Info-Tech Research Group 22 Info-Tech Research Group ANALYST PERSPECTIVE The days of purely high-profile hacking are over. Smaller enterprises are now at the forefront of targeted attacks. Smaller organizations still have valuable data that threat actors want and that can be more easily compromised due to less resources dedicated towards security. Often, small enterprises are compromised for the purpose of being a hopping point to a larger target, generating complex levels of security considerations and legal liabilities. Just because you don’t see headline news about small organizations being breached doesn’t mean it isn’t happening. The reality is that small enterprises are now faced with the same security concerns and requirements as large organizations, but with limited resources. Small enterprises need to know what matters to them even more than large organizations so that they can build a right-sized security program. Wesley McPherson Info-Tech’s Security, Risk, and Compliance Practice The VIP Boardroom at Info-Tech Research Group’s Toronto Office
  • 3. Express Info-Tech Research Group 33 Security programs are a MUST-HAVE, not a nice-to-have WHY? The volume, intelligence, and complexity of threats has been and will be increasing. New Attack Types • Targeted malware • Zero-day vulnerability exploits • Advanced persistent threats (APTs) Increasing Threat Actors • Commodification of hacking techniques • Conventional threats adopting hacking • Increasing in number and complexity Changing Environments • Mobile • Cloud • Big Data • Internet of Things 23%of CIOs polled stated increasing cybersecurity was the most significant driver behind IT investments in 2015 (CIO, 2015). of data breaches impact small businesses. (First Data, 2014) 90%
  • 4. MYTH: Cyber-attacks aren’t an issue for small enterprises. 82% of small to medium-sized businesses consider themselves non-targets for cyber-attacks because they have nothing worth stealing (Source: London Chamber of Commerce and Industry, 2014). AND YET, THE UNFORTUNATE REALITY: 60% of all targeted attacks are towards small to medium-sized organizations (Source: Symantec, 2015). Cyber-attackers prefer targeting smaller enterprises because they often have weak security systems. In a transaction- and data-heavy society, nearly all organizations have highly valuable and sensitive data (contract information, customer data, payment information, etc.).
  • 5. Address foundational and baseline functions of security. [Figure: Info-Tech’s Information Security Framework, with the Foundational Security Components marked.] Focus on components and capabilities that will be the most feasible and critical for your organization. Foundational components include: • Response and recovery capabilities • Prevention • Detection performance. Expand into governance to address business awareness of security and to incorporate a security mindset into the organizational culture. (Info-Tech SE Perspective)
  • 6. Be prepared for all types of incidents. Recognize a potential security incident: Traditional security incidents include malware detection, system availability loss, or compromised data. It is not if a security incident will happen, but when. Using risk management to prepare for multiple scenarios could be the difference between business closure and continuity. Account for IT systems expansions: Business decisions are a common source of IT expansion. Unfortunately, these decisions are rarely made with IT or Security consultation. Unexpected expansions cause more expenses than expected, throwing off budget, resourcing, and project plans. Addressing security concerns and requirements after the fact impacts budgeting and resourcing. As an IT leader, try to be involved whenever the discussion of IT initiatives is brought up. EXAMPLE: Marketing moves customer data to the cloud without notifying Security or engaging them while selecting a vendor and migrating data. The Security Implications: • Sensitive customer data was sitting in an environment outside of the scope of the organization’s security program. • Unexpected security costs were incurred analyzing the vendor after the fact and addressing concerns related to on-premise to cloud data integrations.
  • 7. Take a proactive approach to managing security. [Figure: Mitigation and Control Expenditure (Allocated Resources) over Time around a Security Incident, comparing the Reactive Mitigation Posture and the Proactive Mitigation Posture.] BENEFIT: Proactive mitigation lowers overall security costs over time. Proactive Mitigation Posture: • Enables the team to learn from security incidents and apply lessons to security practices, increasing security strength. • Entails pre-emptive “what-if” planning and prevention actions. • Is done to introduce more specific technology, policies, and procedures that better protect information at a lower cost. Reactive Mitigation Posture: • Allows for security investments to occur, but does not extensively consider past incidents and incident analysis, keeping security strength stagnant. • Lacks the ability to recognize security incidents before their occurrence. • Involves little analysis of incidents. Security incidents inevitably affect budget planning, regardless of posture. A proactive posture allows for lessons learned that actually improve information security capabilities and cost measures over time.
  • 8. Is this research right for you? Research Navigation: Info-Tech Research Group has two research reports related to building an information security strategy. Use the questions below to help steer you to the research project that best suits your organization. 1. Does your IT department consist of fewer than 15 full-time employees? 2. Does your organization have limited resources for its security program? 3. Is your organization looking to build a lean information security strategy? 4. Is your organization in a loosely/un-regulated industry? If you answered YES to most of these questions, keep reading this blueprint. If you answered NO to question 4 or have significant concerns with your current security capabilities, go to the Build an Information Security Strategy research.
  • 9. Improve your ability to prevent security incidents and improve protective practices by leveraging Info-Tech’s four-step approach: Assess Security Requirements; Determine Current and Target States; Develop Improvement Plans; Create and Communicate Your Roadmap. Info-Tech Recommends: You will need to have a deep understanding of the business, even and especially if your organization does not have an awareness or understanding of information security. Use the information and insight that you gather at the outset to drive your project’s activities and enable you to build and implement a roadmap that best maps to your business’s priorities and vulnerabilities.
  • 10. Don’t just read it – do it! Tactical guidance, immediate support. Use this research to create the following key deliverables: Program Roadmap; Scoped Initiatives; Security Strategy. WALK AWAY FROM THIS PROJECT WITH: • Plans for improving the performance of foundational security functions. • A vision for how to mature the organization’s security program (estimated one- to three-year trajectory).
  • 11. Use this research to build a security strategy. Intended Audience: • IT departments with 15 or fewer full-time employees. • Organizations that want to quickly assess and build a security strategy focused on foundational capabilities. Expected Benefits: • Completed security strategy documentation using best-practice templates. • Strong understanding of security issues and requirements. • Improved business awareness and understanding of the importance of information security. • Improved performance of critical security functions. This Research Includes: • Guidance for analyzing and building security capabilities. • Directions that help to accelerate brainstorming, analysis, and execution of security plans. WALK AWAY FROM THIS BLUEPRINT WITH: • Plans for improving the performance of foundational security functions. • A vision for how to mature the organization’s security program (estimated one- to three-year trajectory). Use the following tools and templates: Information Security Strategy and Workbook Template; Security Pressure Posture and Analysis Tool; Security Component Maturity Level Descriptions; Information Security Program Gap Analysis and Roadmap Tool; Project Charter and Status Update Template; Information Security Strategy and Roadmap Communication Deck.
  • 12. Want to learn more about this research? Improve Information Security Practices in the Small Enterprise. Info-Tech Research Group’s advisory services include a team dedicated to Security, Risk, and Compliance Management. Experience of Info-Tech’s security team: • Former CIOs and CISOs • Security architects. Topics Covered: • Security strategy planning • Data Classification • Vulnerability Management • Identity Management • Endpoint Security • Penetration Testing • And many more…
  • 13. Info-Tech offers various levels of support to best suit an organization’s IT needs. Consulting: “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.” Guided Implementation: “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.” DIY Toolkit: “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.” Workshop: “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”
  • 14. Info-Tech Research Group is an information technology research and advisory firm that has been working with clients to help them make strategic, practical, and well-informed decisions and plans since 1997. Info-Tech leverages the experience of its analysts and its over 3,000 IT professional members to help build practically oriented research that guides organizations to learn from the experiences of their peers, best position their departments, and empower their organizations. Info-Tech’s Mission: Help IT leaders and their teams: • Systematically improve their core processes and governance • Successfully implement critical technology projects. Contact Us: London, Ontario, Canada (corporate headquarters): 602 Queens Avenue, London, Ontario, N6B 1Y8. Toronto, Ontario, Canada: 888 Yonge Street Toronto, Ontario, M4W. Las Vegas, Nevada, USA: 3960 Howard Hughes Parkway, Suite 500 Las Vegas, Nevada 89169. Website: Infotech.com. Phone: North America: 1-888-670-8889; International: +1-519-432-3550.