Here’s a good piece that Entrepreneur Magazine put together for SMBs to ensure they have a secure information systems environment. I don’t disagree with any of the recommendations. What I do find interesting is that there’s no mention of “determine where you’re weak”.
Be it in the beginning before you put all of the recommended controls in place (and potentially saving yourself a lot of time/money if it’s determined you don’t need certain types of controls) or after everything is established – you absolutely have to assess where things stand.
You know my feelings on this: You cannot secure what you don’t acknowledge. Building out a supposedly secure infrastructure is only one piece of the puzzle. Basic controls are just the beginning.
That’s the fundamental flaw with information security today – especially within SMBs. Owners and managers of SMBs read these recommendations, put their strong firewalls and passwords in place, and leave it at that. Months or years go by and then something bad happens: an employee breach, external hack, malware attack, you name it. All along these very people had no real sense of how secure or unsecure their systems really were. Don’t follow their lead.