Adaptive SME security guide (FREE!)

I am delighted to announce the release of Adaptive SME Security:


Adaptive SME security guide cover


The guide describes a pragmatic, five-phased approach for Small to Medium-sized Enterprises to manage their information risk and security arrangements.


The flexible approach is readily adapted for any type of SME such as small commercial organisations, family businesses, charities, clubs, societies and groups.

Other SME security guides (including ISO's own) typically anticipate resources that smaller SMEs lack, or simply recommend a few generic security controls that someone considers to be the bare minimum. Opinions vary on what those are.

We took a different line, developing a simple cyclical process through which SMEs can pick out, analyse and address their information risks step by step. The included notes plus references to other guides take the page count up to ~50 but hopefully SME readers will appreciate the guidance.

The guide was prepared by a wonderful team of collaborators - all members of the ISO27k Forum - and is available now, for free.


Feedback comments, corrections and especially improvement suggestions are very welcome via the ISO27k Forum or to any of the authors (you'll find email links in the PDF).

Meanwhile, I am looking for SMEs to act as guinea pigs, trying out the approach with my gentle encouragement if needed. I'd like to prove the method and develop some case study materials to demonstrate its worth. If you'd like to participate in the study, please email me: Gary@isect.com
