Download PDF version Contact company
 SANS’ webcast series will make SMEs aware of the many options they have for managing information security risks
 SANS' webcast series aims to empower SMEs to make good risk management decisions

"Millions of small businesses assume that Information security is just too complex," explains Jim Herbeck, an instructor for the SANS Institute. "But by breaking down the complete process into smaller, bite sized chunks using the same best practice favoured by larger organisations, SMEs (Small Medium Enterprises) should understand that having good information security is a very realistic goal."

SME managers need to be informed consumers. Because many information security products and services are targeted for large, multi-national organisations, they may not scale to the budgetary or staffing constraints at SMEs. One of the goals of this webcast series is to make SMEs aware of the many options they have for managing information security risks, and empowering SMEs to make good risk management decisions.

Herbeck's approach to information security is very business-centric. As part of his ongoing research at the Business Information Security Competency Center at the Geneva School of Business Administration, he developed a simplified version of the ISO 27001 information security standard for SME's to use. "The Information Risk Framework is a combination of ISO 27001, ISO 27005, and the SANS Institute 20 Critical Security Controls," says Herbeck. "The Framework includes 33 risk areas organised into eight common business functions. While half the Framework covers IT-related risk areas, the rest specifies non-IT-related risk. This underscores my belief that information security is a business risk, not just an IT risk."

In addition to his work co-founding the Business Information Security Competency Center and teaching for the SANS Institute, Herbeck is a security consultant who has spent over 20 years working with information systems in commercial, government, academic, and research environments, both in the US and Europe. His most recent work with large multi-national organisations has given him some unique insights. "Many large multi-nationals look and behave like a large multi-national when you're sitting in the headquarters building," Herbeck explains. "However, when you visit the subsidiary business units, they look and behave like an SME. My work for several clients involved tailoring large information security programs to work within the constraints of smaller business units. I quickly realised that this approach could have wide ranging application with SME's in general."

The last installment of the SME webcast series took place on February the 21st, when Herbeck offered a session to help SMEs create an information security policy in a compact and risk driven fashion in a fraction of the time required by bigger organisations. In March, Herbeck will present a webcast on Managing Network-related Risk, and April's session will cover Managing Legal, Regulatory, and Compliance Risk.

Download PDF version Download PDF version

Related videos

ROAMEO Gen 4 patrolling St. Louis in support of NCAA Frozen four championship

ROAMEO Gen 4 patrolling St. Louis in support of NCAA Frozen four championship
Overcoming security challenges in digital access: Expert tips & insights

Overcoming security challenges in digital access: Expert tips & insights
SARISA firing tests

SARISA firing tests

In case you missed it

How should security adapt to the unique aspects of the corrections market?
How should security adapt to the unique aspects of the corrections market?

Physical security technologies are a prominent tool used by correctional facilities to provide a safe, secure, and controlled environment for staff, inmates, and the wider communit...

How retailers can use AI video security to combat the retail theft crisis
How retailers can use AI video security to combat the retail theft crisis

Retailers now often find themself in a precarious situation. Profit margins are being squeezed by widespread shoplifting: The Council on Criminal Justice reports that between the f...

Upskilling and evolving: the changing role of systems integrators
Upskilling and evolving: the changing role of systems integrators

Technology advances in the security industry are transforming the way modern systems are designed and installed. Customers today are looking for greater scalability and flexibility...

Featured white papers
Using artificial intelligence (AI) to automate physical security systems

Using artificial intelligence (AI) to automate physical security systems

Download
A modern guide to data loss prevention

A modern guide to data loss prevention

Download
7 proven solutions for law enforcement key control and asset management

7 proven solutions for law enforcement key control and asset management

Download
The truth behind 9 mobile access myths

The truth behind 9 mobile access myths

Download
Access control system planning phase 2

Access control system planning phase 2

Download
Quick poll
Which trend do you think will define physical security in the next 5 years?
More events news
Dahua Technology successfully exhibit new products at Intersec 2012

Dahua Technology successfully exhibit new products at Intersec 2012
BSIA reports record level of visitor interest for security solutions at Intersec 2012

BSIA reports record level of visitor interest for security solutions at Intersec 2012
Ipsotek bags Highly Commended certificate at ADS Security and Innovation Awards 2012

Ipsotek bags Highly Commended certificate at ADS Security and Innovation Awards 2012
Featured products
Climax Mobile Lite: Advanced Personal Emergency Response System (PERS)

Climax Mobile Lite: Advanced Personal Emergency Response System (PERS)
Hikvision DeepinViewX AI Cameras for Perimeter Protection

Hikvision DeepinViewX AI Cameras for Perimeter Protection
Dahua 8MP AI WizSense TiOC Bullet Camera

Dahua 8MP AI WizSense TiOC Bullet Camera