Many businesses in the United States have been putting resources—including people, technology, and budgets—into protecting themselves from information security and cybersecurity threats. As a result, they have become a more difficult target for malicious attacks from hackers and cyber criminals. Consequently, hackers and cyber criminals are now successfully focusing more of their unwanted attention on less secure businesses. Because small businesses typically don’t have the resources to invest in information security the way larger businesses can, many cyber criminals view them as soft targets.
Enterprise security has grown in complexity over the last decade. The goal of this publication is to show the proper methods of creating, implementing, and enforcing an enterprise information security plan. During the initial phase of the plan, the assessment, it is imperative that the shareholders of the enterprise identify the most valuable assets that need protection. The information technology department must be part of this determination so that strategies for network vulnerability mitigation can begin to emerge. Once there is a clear image of what it is that needs the most protection, then costing analysis can start.
That is why identifying all possible vulnerabilities is critical so that if cost is an issue we can start prioritizing those assets in terms of what risks can the business afford versus what policies must be in place to avoid the exposure of the asset to the risk, by curbing employees’ current behaviour. Once the list of assets is solidified, begin conducting real time threat assessments keeping in mind that there are external (via Internet) as well as internal (employees) threats that must be considered. Each threat to our assets comes with its own vulnerability areas.
Once the threats are identified we almost have to become criminal-minded to identify how much vulnerability accompanies each threat. Share the list with the shareholders and our management staff so that different perspectives are taken into consideration. Some of the vulnerabilities may be averted by creating policies for permissible network usage.
Your small business may have money or information that can be valuable to a criminal; your computer may be compromised and used to launch an attack on somebody else (i.e., a botnet), or your business may provide access to more high-profile targets through your products, services, or role in a supply chain.
It is important to note that criminals aren’t always after profit. Some may attack your business out of revenge (e.g. for firing them or somebody they know), or for the thrill of causing havoc. Similarly, not all events that affect the confidentiality, availability, or integrity of your information (called “information security events”) are caused by criminals. Environmental events such as fires or floods, for example, can severely damage computer systems.
Unfortunately, in one respect, small businesses often have more to lose than larger organizations simply because an event—whether a hacker, natural disaster, or business resource loss—can be extremely costly. Small businesses are often less prepared to handle these events than larger businesses, but with less complex operational needs, there are many steps a small business may be able to take more easily.
Thus, it is vitally important that you consider how to protect your business. Small businesses often see information security as too difficult or that it requires too many resources to do. It is true that there is no easy, one-time solution to information security – it takes time and careful consideration with all relevant stakeholders. However, when viewed as part of the business’s strategy and regular processes, information security doesn’t have to be intimidating.
From now on exhibitors can apply for the Security Innovation Award 2020. This important award honors outstanding achievements in the industry with a prize which can be used for effective public relations and advertizing. The winners will be announced at this year’s Security Essen, which will be held at Messe Essen from 22 to 25 September.
As the leading fair of the security industry, Security Essen is the showcase for innovations every two years. The Security Innovation Award is the seal of approval for new developments at the highest level. For this purpose, a group of experts who will come together in a competent jury will evaluate a product according to its innovative content and user benefit as well as its economic efficiency and reliability. At the same time, the evaluation process will also take account of the positive effect on people and society.
The jury of the Security Innovation Award will consist of 23 members, who will evaluate the submissions in several rounds, both professionally and critically. They will include Florian Haacke, Head of Corporate Security at Dr. Ing. h.c. F. Porsche; Michael Ridder, Security Manager Germany at Uniper Global Commodities SE; Dr. Harald Olschok, General Manager of the Federal Association of Guard and Security Companies (BDSW) or also Andreas Nenner, Director Corporate Security at Fresenius SE & Co. KgaA. The jury will be chaired by Jens Washausen, Deputy Chairman of the Federal Association of Independent German Security Consultants and Engineers (BdSI) and Managing Director at GEOS Germany GmbH, a management consultancy for crisis and security management.
The Security Innovation Award will be presented for the seventh time this year. All exhibitors who take part in Security Essen 2020 may apply. The registered new development must be relevant for the security industry and the market launch may have taken place no earlier than 1 January 2019. Concepts whose market launch is still to come may also be submitted. One application per exhibitor will be possible from 1 March. The closing date for applications will be 15 June 2020 and participation in the competition will be free of charge. The public award ceremony will take place on 22 September 2020 during the trade fair.
The images and text displayed above are under the copyright law and authority of the holder of the event and image and will not be used for any marketing, financial and profiteering of any kind. The Goal of these articles is merely further publicity.