Bag om Information Security for Small and Midsized Businesses
Small and midsized businesses (SMBs) have the same information security concerns and needs as large organizations yet are often hampered by resource limitations. Most large companies have a Chief Information Security Officer (CISO) to lead and manage information security programs, initiatives, and risks. However, the cost of retaining a full-time CISO is often prohibitive for SMBs.
This gap has led to the rise of the virtual CISO, or vCISO role. A vCISO is a part-time consultant that works virtually (remotely) as opposed to in person (which would be more precisely defined as a fractional CISO). Because of the high demand for CISO experience, the virtual nature keeps the cost of engaging a vCISO relatively low.
This guide is the result of discussing those common needs. It is our hope that, by collating and presenting the most significant ones, we can help SMBs begin their journey to a more secure environment. We have strived to present all topics in plain English, focusing more on the business needs, rather than using "Giga-mumbo-jumbo" terminology, to paraphrase an early career mentor of mine. And that is the key, because at the core information security is two things - a business issue, and risk management.
We have organized this publication in a somewhat cohesive order so subsequent chapters build off the previous yet kept each independent enough to allow this to be also used as a reference. In other words, you may choose to read it sequentially or by chapter based on topic interest (or both). Our goal is to provide a simple yet powerful resource to you, the SMB executive, so you may be able to make risk informed decisions. To that end, we welcome all feedback so we may improve the next edition.
Vis mere