Are SMBs performing and documenting security risk assessments?
Security Management relies on properly identifying and valuing company assets and then implementing proper controls through security policies, procedures, standards, and guidelines. Are small to medium size organizations actually performing risk assessments prior to selecting and implementing these security controls? How are security funding decisions being made in most small to medium size organizations?
2 Answers
I would be inclined to say that the vast majority of SMBs are not formally performing structured security assessments or documenting security risks unless -- perhaps -- forced to do so because they are in a heavily regulated environment.
I'd say that most security funding decisions in such organizations are driven by a factor other than security risk assessment, and may be initiated by customer request/demand or regulatory requirements (or perception of said requirements).
This leads to security funding that is largely erratic, or at the very least, unstructured and unrepresentative of the real threats faced by an organization. I'd be delighted if I could find enough people to suggest that my observations here are invalid or outdated.
-ASB: http://XeeMe.com/AndrewBaker
Secure environments are hard to establish in a small business because there may be no need to document actions at all times. As the business waxes and wanes in this environment, documentation has to be provided to protect changes and assets. This is part of their growing pains. The problem is many businesses do not plan for this part of the business because it is not budgeted for.