I don't think Andy is looking to drop large guides down on the desks
of small businesses, and I agree there are way too many for these
individuals to comprehend. That's why we all have jobs! I believe his
goal is to help decrypt the meanings of things like NIST, PCI, NSA, etc.
into terms and words a small business owner with very little IT
experience can understand. Take for example a small four- or five-man
shop who know they need better security but could potentially be told
to buy a toaster as it will prevent SPAM, and as a result they go out
and buy toasters. I know that's a bit of a stretch, but I think a
document which breaks it down so they can make better choices and invest
money a little more wisely would be beneficial.
Just a couple pennies from little ole me :-)
--
Thank you,
Robert Miller
http://www.armoredpackets.com
Twitter: @arch3angel
On 12/3/12 12:42 PM, Brian Erdelyi wrote:
I agree with Josh.
Focus on an existing guide. Help prioritize those recommendations.
For example, BCP would be nice... maybe you focus on recommending data
backup and recovery. I've seen too many businesses struggle after a
disaster and eventually close their doors.
A small business will likely be overwhelmed by a large guide.
Brian
Sent from my iPhone
On Dec 3, 2012, at 1:24 PM, Josh More <[email protected]
<mailto:[email protected]>> wrote:
I really wish I had the time to delve into this discussion.
However, given everything else I'm juggling, I just want to say that
small business is currently drowning in recommendations and, as a
result, is unable to follow any of them. Look at the work the NSA,
NIST, PCI and SANS have done in this field. Little of it has been
embraced by the small business community. If you truly want to help,
an additive process is unlikely to help. Consider focusing on only
three items. I know this leaves holes, but remember, they're ridden
with holes now and despite what we all want, they're not going to
plug them all.
If this is unsuitable / too hard, consider reworking the concept into
a flow chart infographic. Such as "Do you have a Firewall/UTM/NGFW?
If not, get one. If so, tune it and go to next" -> "Do you have a
reliable anti-malware system? If not, get one. If so, are you
tuning it regularly?" I think that would be far more likely to cause
positive change than yet another dense report full of advice they're
not going to take.
-Josh More
On Mon, Dec 3, 2012 at 9:34 AM, Bradley McMahon
<[email protected] <mailto:[email protected]>> wrote:
I would include * BCP - business continuity plan - corruption,
fires, data theft are indiscriminate. Basically have a meeting
and go through all the worst-case scenarios and figure out a
cost-effective way to handle it that works for the company. Having
insurance is a good idea.
-Brad
On Mon, Dec 3, 2012 at 8:06 AM, Herndon Elliott
<[email protected] <mailto:[email protected]>> wrote:
It was kinda touched on, but not directly mentioned: Incident
Response... planning and pre-determined actions, call list, etc.
when it all goes wrong. Also, training was mentioned, but some level of
common-sense warnings as displayed in this wonderful bank sign:
http://krebsonsecurity.com/2012/11/all-banks-should-display-a-warning-like-this/
Herndon Elliott
Madison, AL
_______________________________________________
Pauldotcom mailing list
[email protected]
<mailto:[email protected]>
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com