Information security management in SMB sector
mag.oec. Sasa Aksentijevic, univ.spec.oec, ph.d. cnd.

ICT forensics court expert

Nova Gorica, Slovenia, November 2011.


  • What is an SMB company? Two criteria:
      • Financial criteria
      • Number of employees

  • Micro business/company:
      • Number of employees: < 10 employees
      • Financial criteria: 2-10 mil. EUR revenue and/or up to 2 mil. EUR in balance sheet total

  • Small business/company:
      • Number of employees: < 50 employees
      • Financial criteria: 10-50 mil. EUR revenue and/or up to 10 mil. EUR in balance sheet total

  • Medium business/company:
      • Number of employees: < 250 employees
      • Financial criteria: 50-250 mil. EUR revenue and/or up to 43 mil. EUR in balance sheet total




Small Business Information Security: The Fundamentals

Author: Richard Kissel

National Institute of Standards and Technology

US Department of Commerce

October 2009

16 pages

1. Introduction

2. "The absolutely necessary" actions that a small business should take to protect its information, systems and networks

3. Highly Recommended Practices

4. Other planning considerations for information, computer and network security

Appendix A: Identifying and prioritizing your organization's information types

Appendix B: Identifying the protection needed by your organization's priority information types

Appendix C: Estimated costs from bad things happening to your important business information


Risk Management & IT Security for Micro and Small Businesses

International Association of Accountants Innovation & Technology Consultants (IAAITC)

European Network and Information Security Agency (ENISA)

Micro Entrepreneurs Acceleration Institute (MEA-I)

WKO- Information and Consulting Division

2007 (guide/deliverable)

CONTENTS

How to proceed with Information Security

Phase 1: Risk Profile Selection

Phase 2: Critical Assets Identification

Phase 3: Control Card Selection

Phase 4: Risk Management and Implementation

Organisation Controls

Organisational Control Cards

Asset Based Control Cards

System

Network

People

Application

Asset Based Controls

Appendices

Action Checklist

IT Security Questionnaire

Notes


ISSA-UK 5173

Information Security for Small and Medium Sized Enterprises

March 2011

Draft standard, 10 pages

Purpose

"This paper, prepared by a working group of the ISSA (UK), sets out recommendations on information security controls for small and medium enterprises (SMEs). There are already several sources of educational advice for SMEs, but none currently aims to set a standard for information security. This document is intended to serve primarily as a reference document for helping to determine an appropriate level of security for SMEs. It is hoped that others will build on this work and develop interpretation guidelines for specific sectors or circumstances, as well as appropriate educational materials."


SMB companies and ISO 27001

ISO/IEC 27001 for Small Businesses – Practical advice

Manual

ISO Secretary-General Rob Steele and IEC General Secretary Ronnie Amit comment in the foreword to the handbook: "An information security management system based on ISO/IEC 27001:2005 can empower the small business to compete successfully on today's globalizing markets. This handbook is intended to provide the key to the door."

Annual audit

  Annual turnover        Fee
  < £100,000             £495
  £100,000 - £5m         £795
  > £5m                  Subject to individual quotation

Annual turnover          Fee
  < £100,000             £2,999
  £100,000 - £500,000    £3,999
  £500,000 - £1.5m       £4,499
  £1.5m - £3m            £4,999
  £3m - £10m             £4,999, plus £125 for each additional £1m turnover above £3m
  > £10m                 Subject to individual quotation

What about consultancy cost?

(~ £70 / hour for a freelance consultant)

Documents? 60+

Opportunity cost?
